SSL Client (IMS Connector for Java) | SSL Server (IMS Connect) |
---|---|
1. Decide if client authentication is required. Note: It is strongly
recommended that you do use client authentication to protect against unauthorized
access to your IMS Connect.
If client authentication is not required,
skip to Step 5. |
|
2. If client authentication is required, obtain signed certificates and private key. | |
3. If client authentication is required, create a keystore and insert the client's private key and certificate. For more detail, see the description below. | |
4. If client authentication is required, insert the client's public key certificate into the keyring. See IMS Connect User's Guide (SC27-0946-03) for more information. | |
5. Create a truststore (another optional keystore) and insert the Server's public key certificate. Alternatively, you would insert the Server's public key certificate into the client's keystore if trusted and non-trusted certificates are stored in the same keystore. | |
6. Decide which IMS Connect SSL port to use. Set up the IMS Connect and SSL Configuration members with the appropriate values. For more information about setting up these configuration members, see IMS Connect User's Guide (SC27-0946). | |
7. Set up the connection factory with the appropriate SSL parameters, including the port number from step 6.For more detail, see the description below. | |
8. Bind the application to the SSL connection factory. |
Creating the keystore or truststore for the client
SSL configuration
A secure SSL connection between a Java client application and IMS Connect is created by ensuring that the connection factory used by the Java client application has the appropriate values for its SSL properties. See Connection properties for a description of the SSL property values.
There are two ways to set up SSL properties:
Note: Informational messages and warnings can be found in the trace.log file generated by WebSphere Application Server.