Setting up iSeries servers to use SSL

To set up your iSeries servers to use SSL with IBM Toolbox for Java, complete the following steps:

  1. Begin changeInstall the IBM Cryptographic Access Provider for iSeries licensed program (5722-AC2 or 5722-AC3) on your iSeries servers to provide server-side encryption.
  2. Install the IBM iSeries Client Encryption licensed program (5722-CE2 or 5722-CE3) on your iSeries server.End change Client Encryption provides the Java classes and utilities used by the IBM Toolbox for Java classes on the client side.
  3. Change the authority of the directory that contains the client encryption files.
  4. Get and configure the server certificate.
  5. Apply the certificate to the following iSeries servers that are used by IBM Toolbox for Java:

Changing the authority of the directory that contains the client encryption files

To help you meet the SSL legal responsibilities required when using cryptography algorithms, the directory that contains the files is shipped with public authority *EXCLUDE. You must change the authority of the directory to allow access by only those users authorized to use encryption algorithms.

Use OS/400 object security to control access to the client encryption files by completing the following steps:

  1. On your server, enter the following command:
    wrklnk '/QIBM/ProdData/HTTP/Public/jt400/*'
    
  2. Select option 9 in the SSL56 or SSL128 directory.
  3. Ensure that *PUBLIC has *EXCLUDE authority.
  4. Give *RX authority to the directory to individual or groups of users who need access to the SSL files.

    Note:You can not deny access to the SSL files to users that have *ALLOBJ special authority.

Getting and configuring server certificates

Before you get and configure your server certificate, you need to install the following products:

The process you follow to get and configure your server certificate depends on the kind of certificate you use: