This scenario shows how to configure SSL on the connection between a Java™ client running on Windows, UNIX, or Linux and CICS® Transaction Gateway for Multiplatforms. The connection between CICS Transaction Gateway and CICS Transaction Server for z/OS® is over TCP/IP.
In this scenario you configure SSL security on the Gateway daemon, configure SSL server authentication and (optionally) SSL client authentication, and send an ECI request to the CICS server to check that the SSL connection works.
In this scenario, when the Java client attempts to connect to the Gateway daemon's SSL protocol handler, an SSL handshake between the Java client and the Gateway daemon is performed to authenticate the server and to establish the cryptographic keys which are used to protect the data to be transmitted. The scenario includes an optional step where the Gateway daemon requests the Java client to authenticate itself by providing its public key and digital certificate. This is known as client authentication.
The following figure shows the topology used in this scenario.
Follow the step-by-step instructions in this scenario using the following values:
Component | Parameter | Where set | Example value |
---|---|---|---|
CICS TG | protocol@ssl.handler | SECTION GATEWAY in ctg.ini | com.ibm.ctg.server.SslHandler |
CICS TG | clientauth | In the protocol@ssl.parameters parameters in the SECTION GATEWAY in ctg.ini | on |
CICS TG | keyring | SECTION PRODUCT in ctg.ini | MyServer.jks |
CICS TG | keyringpw | SECTION PRODUCT in ctg.ini | MyPassword |
CICS TG | port | In the protocol@ssl.parameters parameters in the SECTION GATEWAY in ctg.ini | 8573 |
CICS TG | server | SECTION SERVER in ctg.ini | CICSA |
CICS TG | protocol | SECTION SERVER in ctg.ini | TCPIP |
CICS TG | netname | SECTION SERVER in ctg.ini | cicssrv1.company.com |
CICS TG | port | SECTION SERVER in ctg.ini | 7760 |
The sample configuration file for this scenario is available for you to download: ctg.ini
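
The following added example is not part of the original scenario or of CICS Transaction Gateway. It is a Python check that parses ctg.ini text and reports where the SSL settings differ from the values in the table. The sample text is constructed from the table values; the SECTION/ENDSECTION layout, the semicolon-separated protocol@ssl.parameters list, the `#` comment prefix, and the function names are assumptions.

```python
import re

# Constructed sample built from the scenario table (layout is an assumption);
# it is not the downloadable ctg.ini.
SAMPLE_INI = """\
SECTION PRODUCT
    keyring=MyServer.jks
    keyringpw=MyPassword
ENDSECTION
SECTION GATEWAY
    protocol@ssl.handler=com.ibm.ctg.server.SslHandler
    protocol@ssl.parameters=clientauth=on;port=8573;
ENDSECTION
SECTION SERVER = CICSA
    protocol=TCPIP
    netname=cicssrv1.company.com
    port=7760
ENDSECTION
"""

def parse_ctg_ini(text):
    """Return {section: {key: value}}; handles one SERVER section, as in this scenario."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"SECTION\s+(\w+)", line)
        if m:
            current = sections.setdefault(m.group(1).upper(), {})
            if "=" in line:  # "SECTION SERVER = CICSA" carries the server name
                current["server"] = line.split("=", 1)[1].strip()
        elif line == "ENDSECTION":
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def check_ssl_scenario(text, require_clientauth=True):
    """List every way the SSL settings differ from the scenario table."""
    cfg = parse_ctg_ini(text)
    gw, prod = cfg.get("GATEWAY", {}), cfg.get("PRODUCT", {})
    raw_params = gw.get("protocol@ssl.parameters", "")
    params = dict(p.strip().split("=", 1) for p in raw_params.split(";") if "=" in p)
    checks = [
        (gw.get("protocol@ssl.handler") == "com.ibm.ctg.server.SslHandler", "SSL protocol handler not set"),
        (params.get("port", "").isdigit(), "no SSL port in protocol@ssl.parameters"),
        (not require_clientauth or params.get("clientauth") == "on", "clientauth is not on"),
        (bool(prod.get("keyring")), "keyring missing from SECTION PRODUCT"),
        (bool(prod.get("keyringpw")), "keyringpw missing from SECTION PRODUCT"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Call `check_ssl_scenario` with `require_clientauth=False` when the optional client authentication step is not being configured.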