To
use SSL, both the client (the IMS™ TM resource
adapter) and
the server (IMS Connect) must
be configured.
About this task
To configure the
IMS TM resource
adapter and IMS Connect for SSL:
Procedure
- Decide if client authentication is required on the SSL
server, IMS Connect. If client
authentication is not required, skip to step
3.
Recommendation: Us
client authentication to protect against unauthorized access to IMS Connect.
- When client authentication
is required, the client must have a signed certificate in the server's
truststore or keyring.
- Obtain signed
certificates and a private key for the
client.
- On the client, create a keystore
and insert the client's
private key and certificate.
- On the server (IMS Connect), insert the client's public
key certificate into the keyring. See IMS Version 14 Communications and Connections
IMS Version 14 Communications and Connectionsfor more information.
- On the client,
create a truststore (another
optional keystore) and insert the server's public key certificate
. Alternatively, insert the public key certificate into the client
keystore if trusted and non-trusted certificates are stored in the
same keystore.
- Decide which IMS Connect SSL port to use. Set up the IMS Connect and SSL configuration members with the appropriate
values. For more information about setting up these configuration members, see IMS Version 14 Communications and Connections.
- Set up the connection factory with the appropriate
SSL
parameters, including the port number from step
4.
- Bind the application to the SSL
connection factory.
Results
Tip: If
the SSLEncryption value is set to ENULL,
performance is faster than SSL connections that use Strong or Weak
encryption. The level of improvement depends on several factors, including
whether hardware or software encryption is used. In general, hardware
encryption is faster than software encryption.