Topic
2 replies Latest Post - ‏2011-06-09T13:39:10Z by SystemAdmin
SystemAdmin
SystemAdmin
260 Posts
ACCEPTED ANSWER

Pinned topic CICS server Connection: WAS6.1 SSL Keystore JSSE configuration with J2C

‏2011-06-08T13:28:25Z |
We are trying to use the SSL keystore JSSE configuration (128 byte encryption) from websphere application server J2C Connection factory for ECIManagedConnection. Earlier we used the java based 56 byte encryption keyring class file , where we use to provide "keryring" as the KeyRingClass and corresponding password in J2C Connection Factory custom properties.
Now we want to use teh keystore(.jks) in the KeyRingClass class. Should we add the complete path to the .jks(/var/tmp/ctgmessl.jks) or just use the alias name in the keystore .
It is working fine without te J2C ConnectionFactory using(java com.ibm.ctg.samples.eci.EciB1 connectionurl port ctgmessl.jks password) , but see below error using the J2CConnection Factory

17:15:12:019 : WebContainer : 0:24a45e : Exception Logged com.ibm.connector2.cics.ECIManagedConnection
6/7/11 17:15:12:019 EDT 0000002d ECIManagedCon 3 java.io.IOException: CCL6651E: Unable to connect to the Gateway. address = ctgdev, port = 3701 java.io.IOException: CCL6687E: Keyring was tampered with, or password was incorrect
Updated on 2011-06-09T13:39:10Z at 2011-06-09T13:39:10Z by SystemAdmin
  • crshnburn
    crshnburn
    1 Post
    ACCEPTED ANSWER

    Re: CICS server Connection: WAS6.1 SSL Keystore JSSE configuration with J2C

    ‏2011-06-08T15:22:12Z  in response to SystemAdmin
    Hello,

    The value specified in the KeyRingClass custom property should be the full path to where the keyring file exists.

    If you are running with Java 2 Security enabled in WebSphere you'll need to ensure that the application server has the necessary permissions to access the keyring file. Further details about what this involves can be found in the CICS TG Information Center -> http://publib.boulder.ibm.com/infocenter/cicstgzo/v8r0/topic/com.ibm.cics.tg.zos.doc/progdezos/cclaojse.ide0.html

    Andrew
    • SystemAdmin
      SystemAdmin
      260 Posts
      ACCEPTED ANSWER

      Re: CICS server Connection: WAS6.1 SSL Keystore JSSE configuration with J2C

      ‏2011-06-09T13:39:10Z  in response to crshnburn
      Hi,
      I still have issue with this . The Java 2ecurity is not enabled . This is working with the 56 byte encryption which java based keyring class file with j2c Connection factory. But not working with the .jks (128 byte). I have tried with the full path for the connection factory property KeyRingClass= Full path to jks.

      This .jks with the SSL password is working with standalone sample class available with the ctg samples for java. But I only have issues when using the websphere connection factory.

      Also I could not find the error trace in any documentation for CCL6687E . Am I missing any jars in the websphere classpath . I am using webspher 6.1.0.13 version
      CCL6651E: Unable to connect to the Gateway. address = ctgdev, port = 3701 java.io.IOException: CCL6687E: Keyring was tampered with, or password was incorrect