Configuring the Gateway daemon for SSL

To complete this task you edit the CICS® Transaction Gateway configuration file (ctg.ini) to define the SSL protocol handler and its parameters.

The Gateway daemon requires details of the server keyring MyServer.jks. This keyring contains the server certificate exampleservercert that the Gateway daemon SSL handler uses as a personal certificate to identify itself to the client.

If client authentication is enabled, the server keyring requires the client certificate as a signer certificate. In this scenario, the client certificate is exampleclientcert, which appears in the server keyring as my self-signed client certificate. The Gateway daemon SSL handler uses this signer certificate to verify the identity of the client when the client attempts to connect using its personal certificate.

  1. Edit the ctg.ini configuration file to add the following SSL protocol handler definition:
    protocol@ssl.handler=com.ibm.ctg.server.SslHandler
  2. Update the PRODUCT section definition:
    1. Set keyring to MyServer.jks.

      This is the name of the keyring to be used by this SSL protocol handler. For more information, see Key ring file.

    2. Set keyringpw to MyPassword.

      This is the password that you used for the server keyring. For more information, see Key ring password.

    When you have made these updates, the PRODUCT section of your configuration file should contain the following definitions:
    SECTION PRODUCT
        KeyRing=MyServer.jks
        KeyRingPw=MyPassword
    ENDSECTION
  3. Update the SSL protocol handler parameters:
    1. Set clientauth to on. Do this if you followed the steps in Configuring SSL client authentication.

      This parameter determines whether or not client authentication occurs. Valid values are on (client authentication occurs) and off (client authentication does not occur). The default is off.

    2. Set port to 8573.

      This parameter identifies the TCP/IP port on which the protocol handler listens for incoming client requests.

    When you have made these updates, the SSL protocol handler parameters definition in your configuration file should contain the following definition:

     protocol@ssl.parameters=clientauth=on;port=8573
  4. Save the changes.

You have now configured the Gateway daemon for SSL.
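
One way to check the saved file against the steps above (an added example, not IBM code and not part of the original page): a Python script that parses a ctg.ini and lists every setting that differs from this task. It assumes that `#` starts a comment line, that key names are case-insensitive and that each value sits on one line; the function names and the sample text are constructed for illustration.

```python
SSL_HANDLER = "com.ibm.ctg.server.SslHandler"

def parse_ctg_ini(text):
    """Return (sections, settings); settings holds every key=value in the file."""
    sections, settings, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # assumption: '#' starts a comment
            continue
        if line.upper().startswith("SECTION "):
            current = sections.setdefault(line.split(None, 1)[1].upper(), {})
        elif line.upper() == "ENDSECTION":
            current = None
        elif "=" in line:
            # Split once only: the parameters value itself contains '='.
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key.lower()] = value         # assumption: keys are case-insensitive
            if current is not None:
                current[key.lower()] = value
    return sections, settings

def audit_ctg_ini(text):
    """List the ways the file differs from the SSL settings in this task."""
    sections, settings = parse_ctg_ini(text)
    product = sections.get("PRODUCT", {})
    params = {}                                   # ';'-separated name=value pairs
    for pair in settings.get("protocol@ssl.parameters", "").split(";"):
        name, sep, value = pair.partition("=")
        if sep:
            params[name.strip().lower()] = value.strip()
    findings = []
    if settings.get("protocol@ssl.handler") != SSL_HANDLER:
        findings.append("protocol@ssl.handler is not " + SSL_HANDLER)
    for key in ("keyring", "keyringpw"):
        if not product.get(key):
            findings.append("PRODUCT section has no " + key)
    if params.get("clientauth", "off").lower() != "on":   # the default is off
        findings.append("clientauth is off: client certificates are not checked")
    if not params.get("port", "").isdigit():
        findings.append("no numeric port in protocol@ssl.parameters")
    return findings

# Constructed sample: the definitions from this page with clientauth left out.
SAMPLE = ("SECTION PRODUCT\n    KeyRing=MyServer.jks\n    KeyRingPw=MyPassword\n"
          "ENDSECTION\nprotocol@ssl.handler=com.ibm.ctg.server.SslHandler\n"
          "protocol@ssl.parameters=port=8573\n")

if __name__ == "__main__":
    for finding in audit_ctg_ini(SAMPLE):
        print("FINDING:", finding)
```

Because clientauth defaults to off, a parameters line that omits it is reported in the same way as an explicit clientauth=off.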


Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tg_latest/help/topic/com.ibm.cics.tg.doc//ctgunx/sc06_conf.html