Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
9 replies Latest Post - ‏2013-12-17T15:17:23Z by Hsieh
Hsieh
Hsieh
588 Posts
ACCEPTED ANSWER

Pinned topic RDB v8.5.1 support CTGClient with SSL

‏2013-11-29T21:32:02Z |

Hi Folks,

My customer like to work CTGClient with SSL (certificate), is it possible ? 

and how to  install the certificate on RBD or somewhere ?

1. Scenario RDB Debug using ctgclient;

2. Scenario deploy to WAS using ctgclient;

Thanks !

Hsieh

  • markevans
    markevans
    2778 Posts
    ACCEPTED ANSWER

    Re: RDB v8.5.1 support CTGClient with SSL

    ‏2013-12-03T00:24:25Z  in response to Hsieh

    Hsieh,

    For now, take a look at ctgKeyStore in the linkage table.     I know it was put in to support CTG SSL.   This in relation to the CICS CTG documentation might give you the answer.

    I will try to do more tomorrow.

     

    • Hsieh
      Hsieh
      588 Posts
      ACCEPTED ANSWER

      Re: RDB v8.5.1 support CTGClient with SSL

      ‏2013-12-03T11:15:35Z  in response to markevans

      Hi Mark,

      Thanks for reply ! 

      But I'm not sure the ctgKeyStore is the solution.  For this, I need to install CTG Server on desktop and config with tool IKEYMAN.exe.

      I was searching in preferences and I found a option in Preferences >> Remote Systems >> SSL to add SSL Security Certificate.

      Please, could you confirm ?

      Thanks !

      Regards,  Hsieh

      • markevans
        markevans
        2778 Posts
        ACCEPTED ANSWER

        Re: RDB v8.5.1 support CTGClient with SSL

        ‏2013-12-03T23:05:18Z  in response to Hsieh

        Hsieh,

        Unfortunately this is not something I have setup so can't tell you all the details.  I don't think that preference is something RBD uses... in fact I did not find it in the RBd list of preferences.  Maybe this is for RDz and the remote systems explorer.

        Anyway, I found this section on configuring SSL under the CTG for z/OS infocenter.  It seems there are some tools in HFS so you should be able to create what you need under HFS. 

        http://pic.dhe.ibm.com/infocenter/cicstgzo/v8r0/topic/com.ibm.cics.tg.zos.doc/ctgzos/secconf.html

        So, I would suggest seeing if you can use "server authentication" and then generate a keystore that you can define in the EGL linkage table.

        good luck.

        • Hsieh
          Hsieh
          588 Posts
          ACCEPTED ANSWER

          Re: RDB v8.5.1 support CTGClient with SSL

          ‏2013-12-16T11:54:53Z  in response to markevans

          Hi Mark,

          Sorry for delay for response.  I was cjeck with cics admin about this.

          The help guide is poor, please could say, if the linkage option parm is fullpath + ctgKeyStore file name ?

          Thanks !

          Hsieh

          • markevans
            markevans
            2778 Posts
            ACCEPTED ANSWER

            Re: RDB v8.5.1 support CTGClient with SSL

            ‏2013-12-16T13:03:00Z  in response to Hsieh

            Hsieh,

            I am not sure what you are asking??  Can you try asking it a different way?

            Thanks.

            • Hsieh
              Hsieh
              588 Posts
              ACCEPTED ANSWER

              Re: RDB v8.5.1 support CTGClient with SSL

              ‏2013-12-16T13:11:31Z  in response to markevans

              Mark,

              On the linkage option field parm to ctgKeyStore, I must type fullpath and ctgKeyStore file name, correct ?

              i.e. C:\ctgclient\ctgssl.jks

              :-)

              Hsieh

              • markevans
                markevans
                2778 Posts
                ACCEPTED ANSWER

                Re: RDB v8.5.1 support CTGClient with SSL

                ‏2013-12-16T16:33:15Z  in response to Hsieh

                Hsieh,

                Unfortunately, I am not sure.  So far, I have not been able to find out more detail.

                I would suggest you try it with the fullpath keeping in mind that sometimes you need to either make the path c:/ctgclient/filename or c:\\ctgclient\\filename to get it recognized.

                A CTG trace might show you what is/is not working if it fails with the fullpath specified.

                I will ask around some more..but thought I would go ahead and respond to this.

                • markevans
                  markevans
                  2778 Posts
                  ACCEPTED ANSWER

                  Re: RDB v8.5.1 support CTGClient with SSL

                  ‏2013-12-17T13:48:57Z  in response to markevans

                  Hsieh,

                  I checked with our tester and developer and the full path/filename is what we specify in the linkage table.

                  And they noted that you needed to use forward slash ("/") for the separators not a backward slash.  

                  Take care.

                  Mark

                  • Hsieh
                    Hsieh
                    588 Posts
                    ACCEPTED ANSWER

                    Re: RDB v8.5.1 support CTGClient with SSL

                    ‏2013-12-17T15:17:23Z  in response to markevans

                    Good News !  Mark.

                    Thanks a lot.

                    Hsieh