Configuring SSL security between a Java Client and the Gateway daemon (SC06)

This scenario shows how to configure SSL on the connection between a Java™ client running on Windows, UNIX, or Linux and CICS® Transaction Gateway for Multiplatforms. The connection between CICS Transaction Gateway and CICS Transaction Server for z/OS® is over TCP/IP.

In this scenario you configure SSL security on the Gateway daemon, configure SSL server authentication and (optionally) SSL client authentication, and send an ECI request to the CICS server to check that the SSL connection works.

In this scenario, when the Java client attempts to connect to the Gateway daemon's SSL protocol handler, an SSL handshake between the Java client and the Gateway daemon is performed to authenticate the server and to establish the cryptographic keys which are used to protect the data to be transmitted. The scenario includes an optional step where the Gateway daemon requests the Java client to authenticate itself by providing its public key and digital certificate. This is known as client authentication

The following figure shows the topology used in this scenario.

In this topology the Java client is running on Windows. CICS Transaction Gateway is running on multiplatforms and CICS is on z/OS.

Follow the step-by-step instructions in this scenario using the following values:

Component Parameter Where set Example value
CICS TG protocol@ssl.handler SECTION GATEWAY in ctg.ini com.ibm.ctg.server.SslHandler
CICS TG clientauth In the protocol@ssl.parameters parameters in the SECTION GATEWAY in ctg.ini on
CICS TG keyring SECTION PRODUCT in ctg.ini MyServer.jks
CICS TG keyringpw SECTION PRODUCT in ctg.ini MyPassword
CICS TG port In the protocol@ssl.parameters parameters in the SECTION GATEWAY in ctg.ini 8573
CICS TG server SECTION SERVER in ctg.ini CICSA
CICS TG protocol SECTION SERVER in ctg.ini TCPIP
CICS TG netname SECTION SERVER in ctg.ini cicssrv1.company.com
CICS TG port SECTION SERVER in ctg.ini 7760

The sample configuration file for this scenario is available for you to download: ctg.ini


Information Information

Feedback


Timestamp icon Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tg_latest/help/topic/com.ibm.cics.tg.doc//ctgunx/sc06_ovr.html