If there is at least one general/known-hosts/key-store element configured, SAF validation will be used and Tectia validation will not be used. This is different from Tectia Server for IBM z/OS version 5.x, where you could specify saf,tectia, and both validations were performed and both had to succeed.
To configure the client to trust the server's SAF certificate by using SAF validation only, perform the following tasks. Replace the names and IDs with those appropriate to your system:
Get the server host certificate and store it to a dataset, for example 'SERVER1.CRT'.
To add the server certificate into SAF, give the following TSO commands: