SSL Client (IMS Connector for Java) | SSL Server (IMS Connect) |
---|---|
1. Decide if client authentication is required. If client authentication is not required, skip to Step 5. Note: It is strongly recommended that you use client authentication to protect against unauthorized access to IMS Connect. | |
2. If client authentication is required, obtain signed certificates and private key. | |
3. If client authentication is required, create a keystore and insert the client's private key and certificate. For more detail, see the description below. | |
4. If client authentication is required, insert the client's public key certificate into the keyring. See IMS Connect User's Guide (SC27-0946-03) for more information. | |
5. Create a truststore (another optional keystore) and insert the Server's public key certificate. Alternatively, insert the Server's public key certificate into the client's keystore if trusted and non-trusted certificates are stored in the same keystore. | |
6. Decide which IMS Connect SSL port to use. Set up the IMS Connect and SSL Configuration members with the appropriate values. For more information about setting up these configuration members, see IMS Connect User's Guide (SC27-0946). | |
7. Set up the connection factory with the appropriate SSL parameters, including the port number from step 6. For more detail, see the description below. | |
8. Bind the application to the SSL connection factory. | |
Creating the keystore or truststore for the client
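A pre-flight check for the stores built in steps 3 and 5, as an added example that is not part of the IMS Connector for Java documentation. It uses only the JDK's java.security.KeyStore API to confirm that the truststore holds at least one currently valid trusted certificate and, when client authentication is used, that the keystore holds a private key whose certificate is currently valid. The class name, the command-line layout and the TRUSTSTORE_PASSWORD and KEYSTORE_PASSWORD environment variable names are assumptions.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Added example, not IMS Connector for Java code. Requires Java 11 or later.
// Run: java CheckClientStores.java <truststore> [<keystore>]
// Passwords come from TRUSTSTORE_PASSWORD / KEYSTORE_PASSWORD (assumed names).
public class CheckClientStores {
    // Counts entries of the wanted kind whose certificate is currently valid;
    // an expired or not-yet-valid certificate is reported and not counted.
    static int usableEntries(KeyStore ks, boolean wantPrivateKey) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean matches = wantPrivateKey
                    ? ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)
                    : ks.isCertificateEntry(alias);
            if (!matches) continue;
            Certificate cert = ks.getCertificate(alias);
            try {
                if (cert instanceof X509Certificate) ((X509Certificate) cert).checkValidity();
                usable++;
                System.out.println("  ok       " + alias);
            } catch (CertificateException e) {   // expired or not yet valid
                System.out.println("  INVALID  " + alias + ": " + e.getMessage());
            }
        }
        return usable;
    }

    static KeyStore open(String path, String passwordVar) throws Exception {
        String password = System.getenv(passwordVar);
        if (password == null) throw new IllegalStateException(passwordVar + " is not set");
        // Detects JKS or PKCS12 from the file; throws IOException on a wrong password.
        return KeyStore.getInstance(new File(path), password.toCharArray());
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1 || args.length > 2)
            throw new IllegalArgumentException("usage: CheckClientStores <truststore> [<keystore>]");
        System.out.println("Truststore " + args[0] + " (step 5):");
        boolean ok = usableEntries(open(args[0], "TRUSTSTORE_PASSWORD"), false) > 0;
        if (args.length == 2) {   // only when client authentication is used (steps 2-3)
            System.out.println("Keystore " + args[1] + " (step 3):");
            ok &= usableEntries(open(args[1], "KEYSTORE_PASSWORD"), true) > 0;
        }
        System.exit(ok ? 0 : 1);
    }
}
```

When trusted and non-trusted certificates are kept in the same keystore, pass the same file for both arguments.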
SSL configuration
A secure SSL connection between a Java client application and IMS Connect is created by ensuring that the connection factory used by the Java client application has the appropriate values for its SSL properties. See Connection properties for a description of the SSL property values.
Using IBM's WebSphere® and Rational® products as examples, there are multiple ways to set up SSL properties:
The following figure displays a J2C Connection Factory Custom Properties property sheet:
Note: Informational messages and warnings can be found in the trace.log file generated by WebSphere Application Server. See Logging and tracing with the IMS TM resource adapter for information on IMS Connector for Java logging and tracing.
If the SSLEncryption value is set to ENULL, performance should be faster than with SSL connections that use Strong or Weak encryption. The level of improvement will depend on several factors, including whether hardware or software encryption is used. If hardware encryption is used, the improvement will be smaller because hardware encryption is faster than software encryption.