Configuring Secure Sockets Layer

Data that travels across a network can be intercepted by third parties. When this data includes private information such as passwords or credit card numbers, steps must be taken to make this data unintelligible to unauthorized users. Using Secure Sockets Layer (SSL), you protect the integrity of information being passed between the mail server and the adapter.

Before you begin

To enable SSL, the following prerequisites must be satisfied:
  • The mail server must support secure IMAP, POP3, and SMTP communication using SSL
  • The mail server must have its own private key and certificate
  • An e-mail client must be installed

About this task

E-mails passing through the mail server are vulnerable to third-party interference when SSL is not configured for use with the adapter. SSL prevents data from being modified, either intentionally or unintentionally, during transport and protects data from being intercepted. It is effective because it combines several cryptographic processes: public key cryptography for authentication with the mail server, and secret key cryptography and digital signatures for privacy and data integrity. SSL allows the adapter to authenticate the identity of the mail server and, when necessary, allows the mail server to authenticate the identity of the mail client.

Procedure

  1. Set the e-mail client truststore.
    A truststore helps an e-mail client decide what it can trust. When SSL is configured, IBM® Business Process Manager or WebSphere® Enterprise Service Bus sends its certificate to the e-mail client for verification. The e-mail client verifies the certificate to ascertain that it is communicating with the intended mail server. To enable this verification process, the certificate of the mail server must be present in the client's truststore. Use the following steps to set up the e-mail client truststore.
    1. In IBM Integration Designer, right-click the server and click Run administrative console.
    2. Expand Security.
    3. Select SSL certificate and key management.
    4. Under Related items, select Key stores and certificates.
    5. Select NodeDefaultTrustStore.
      Figure 1. Selecting NodeDefaultTrustStore
    6. Under Additional properties, select Signer certificates.
    7. Click Add.
    8. In the Alias field, type the certificate name.
      Figure 2. Adding signer certificate properties for the mail server certificate
    9. In the File name field, type the full path of the mail server certificate.
    10. Click OK.
  2. Configure SSL properties for the adapter.
    1. In the external service wizard, set enableSSL to True. By default, enableSSL is set to False.
    2. When using SSL for inbound communication, set the port number to 993 if you are using the IMAP e-mail protocol and 995 if you are using the POP3 e-mail protocol. For outbound communication using the SMTP e-mail protocol, set the port number to 465.
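
A pre-flight check for the two steps above, written in Python as an added example (not IBM code and not part of the product): it reviews the enableSSL and port settings against the ports listed in this procedure, and can test a handshake while trusting only the mail server certificate file, much as a truststore holding that single signer certificate would. The function names, the host mail.example.test and the PEM path are assumptions; the certificate file is assumed to be PEM (Base64) encoded.

```python
import socket
import ssl

# SSL ports named in the procedure, and the well-known cleartext ports.
SSL_PORTS = {"IMAP": 993, "POP3": 995, "SMTP": 465}
CLEARTEXT_PORTS = {"IMAP": 143, "POP3": 110, "SMTP": 25}


def review_settings(protocol, port, enable_ssl):
    """Return a list of findings for one adapter connection setting."""
    proto = protocol.upper()
    if proto not in SSL_PORTS:
        return [f"unknown protocol {protocol!r}"]
    findings = []
    if not enable_ssl:
        findings.append("enableSSL is False (the default): mail travels unencrypted")
    elif port == CLEARTEXT_PORTS[proto]:
        findings.append(f"port {port} is the cleartext {proto} port; expected {SSL_PORTS[proto]}")
    elif port != SSL_PORTS[proto]:
        findings.append(f"port {port} is not the SSL port {SSL_PORTS[proto]} given for {proto}")
    return findings


def trust_only(signer_cert_pem=None):
    """Client context that trusts only the given PEM file.
    Certificate verification and host name checking stay enabled."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if signer_cert_pem:
        ctx.load_verify_locations(cafile=signer_cert_pem)
    return ctx


def probe(host, protocol, signer_cert_pem, timeout=10.0):
    """Handshake on the protocol's SSL port. Raises ssl.SSLCertVerificationError
    if the server certificate does not validate against signer_cert_pem."""
    port = SSL_PORTS[protocol.upper()]
    ctx = trust_only(signer_cert_pem)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"port": port, "tls_version": tls.version(),
                    "subject": cert.get("subject"), "not_after": cert.get("notAfter")}


if __name__ == "__main__":
    # Constructed sample settings, not taken from a real deployment.
    for proto, port, on in [("IMAP", 993, True), ("POP3", 110, True), ("SMTP", 465, False)]:
        print(proto, port, on, review_settings(proto, port, on) or "ok")
    # probe("mail.example.test", "IMAP", "/path/to/mailserver.pem")  # placeholder host and path
```

A verification error from probe means the file you are about to add as a signer certificate does not validate the certificate the server actually presents on that port, or the host name does not match it.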

(C) Copyright IBM Corporation 2005, 2012. All Rights Reserved.