The Secure Sockets Layer (SSL) can be used with HTTP to enable encryption, message authentication, and client and server authentication using certificates. The HTTPS scheme is HTTP with SSL. When you have configured CICS® to use SSL, its facilities are available for both CICS as an HTTP server, and CICS as an HTTP client.
When CICS is an HTTP server, you can use SSL to protect an interaction with a Web client. To do this, specify appropriate security options on the TCPIPSERVICE definition for the port on which CICS receives the client's requests.
As well as specifying the use of SSL, you can require basic authentication
or require a client certificate. To give more assistance to Web clients, you
can allow a client to provide a client certificate, and then register themselves
to the security manager to supply identification for the CICS environment.
You can also allow a client to use self-registration or basic authentication
as needed to supply identification. All these activities are handled by CICS itself,
so if you are providing an application-generated response, your application
does not need to handle this. Creating TCPIPSERVICE resource definitions for CICS Web support explains
how to create TCPIPSERVICE definitions that include these security options. (Note that when CICS document templates
and HFS files are delivered directly from a URIMAP definition, as a static
response, basic authentication does not operate. If you need to implement
access controls based on a user ID, use an application to provide the resources
as a dynamic response.)