To complete this task you edit the CICS® Transaction Gateway configuration file (ctg.ini) to define the SSL protocol handler and its parameters.
The Gateway daemon requires details of the server keyring MyServer.jks. This keyring contains the server certificate exampleservercert that the Gateway daemon SSL handler uses as a personal certificate to identify itself to the client.
If client authentication is enabled, the server keyring requires the client certificate as a signer certificate. In this scenario, the client certificate is exampleclientcert and, in the server keyring, my self-signed client certificate. The Gateway daemon SSL handler uses this signer certificate to verify the identity of the client when it attempts to connect using its personal certificate.
protocol@ssl.handler=com.ibm.ctg.server.SslHandler
KeyRing: This is the name of the keyring to be used by this SSL protocol handler. For more information, see Key ring file.
KeyRingPw: This is the password that you used for the server key ring. For more information, see Key ring password.
SECTION PRODUCT
KeyRing=MyServer.jks
KeyRingPw=MyPassword
ENDSECTION
clientauth: This parameter determines whether or not client authentication occurs. Valid values are on (client authentication occurs) and off (client authentication does not occur). The default is off.
port: This parameter identifies the TCP/IP port on which the protocol handler listens for incoming client requests.
When you have made these updates, the SSL protocol handler parameters definition in your configuration file should read as follows:
protocol@ssl.parameters=clientauth=on;port=8573
You have now configured the Gateway daemon for SSL.
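A check that can be run over the edited file before the Gateway daemon is restarted, as an added example that is not part of the original page or of CICS Transaction Gateway. The function names, the treatment of lines starting with # as comments, and the case-insensitive key matching are assumptions; the sample text is constructed from the values shown above.

```python
SSL_HANDLER = "com.ibm.ctg.server.SslHandler"

# Constructed sample that mirrors the settings shown on this page.
SAMPLE = """\
SECTION PRODUCT
KeyRing=MyServer.jks
KeyRingPw=MyPassword
ENDSECTION
protocol@ssl.handler=com.ibm.ctg.server.SslHandler
protocol@ssl.parameters=clientauth=on;port=8573
"""

def parse_settings(text):
    """Flatten key=value lines into a dict; SECTION/ENDSECTION markers are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: blank lines and lines starting with '#' carry no settings.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split on the first '=' only
        # Assumption: key names are compared case-insensitively.
        settings[key.strip().lower()] = value.strip()
    return settings

def audit_ssl(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_settings(text)
    findings = []
    if s.get("protocol@ssl.handler") != SSL_HANDLER:
        findings.append("handler: SSL protocol handler is not defined")
    if not s.get("keyring"):
        findings.append("keyring: no server keyring named")
    if not s.get("keyringpw"):
        findings.append("keyringpw: no keyring password set")
    elif s["keyringpw"] == "MyPassword":
        findings.append("keyringpw: still the sample value from the documentation")
    # protocol@ssl.parameters is a ';'-separated list of name=value pairs.
    pairs = (p.split("=", 1) for p in s.get("protocol@ssl.parameters", "").split(";") if "=" in p)
    params = {k.strip().lower(): v.strip() for k, v in pairs}
    if params.get("clientauth", "off").lower() != "on":  # the default is off
        findings.append("clientauth: clients are not asked for a certificate")
    port = params.get("port", "")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("port: missing or not a valid TCP port")
    return findings

if __name__ == "__main__":
    for finding in audit_ssl(SAMPLE) or ["all checks passed"]:
        print(finding)
```

To check a real file, pass its contents to audit_ssl() in place of SAMPLE.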