IBM Support

Configuring SSL between the CLA2 Client adapter and a CLA2 Local or Remote Server

Technical Blog Post


Abstract

Configuring SSL between the CLA2 Client adapter and a CLA2 Local or Remote Server

Body

To create a secure TCP connection you will have to activate SSL authentication on both the CLA2 Server and CLA2 adapter.

Recommendation: Before activating SSL between the CLA2 Remote or Local Server and the CLA2 adapter, make sure that the adapter can reach to the server through a TCP connection without SSL.

In the CLA adapter:

1) The "System Authentication Certificate" field should have the value: cla2auth

image

2) The "Use SSL" option should be set to yes.

image



3) The SSL Public CA Certificate should be set to "cla2ssl".

image

If you are connecting to a CLA2 Remote Server, copy the keystore named "cla2_KeyStore.jks" containing both the cla2auth and cla2ssl certificates to the Remote Server under the following path "client/cmdline2/".

You will find the "cla2_KeyStore.jks" keystore in the "<ISBI_Folder>/install/client/cmdline2/" folder in the ISBI filepath.

After finding the keystore, execute the following steps:

1) Copy the "cla2_KeyStore.jks" keystore from ISBI to the "client/cmdline2/" folder in the Remote server.

2) Make sure the "keystoreLocation" parameter in the CmdLine2server.properties from the Remote Server points to the correct location of the keystore (Ex. /client/cmdline2/cla2_KeyStore.jks).

3) Copy the password from the "keystorepassword" parameter located in the <ISBI_Folder>/install/properties/CmdLine2server.properties of the local server to the CmdLine2server.properties of the Remote Server. The password is already encrypted (Ex. CRYPTED:EI++...=)

4) Restart the remote CLA2 Server.

If you are connecting to a CLA2 Local Server, the "cla2_KeyStore.jks" keystore should already be located in the "<ISBI_Folder>/install/client/cmdline2/" folder and the required parameters (keystoreLocation and keystorepassword) should also already be pre-configured in the <ISBI_Folder>/install/properties/CmdLine2server.properties file.

Finally, test the connection to make sure that the CLA2 adapter can connect to the CLA2 server after SSL is activated.



Related Technotes:

"How to renew certificates for CLA2 Adapter and CLA2 Server in ISBI?" http://www-01.ibm.com/support/docview.wss?uid=swg21883788

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

UID

ibm11121781

Page Feedback