This example shows the steps to configure CM to listen for an SSL connection.
For this example, you have a CM whose config file NAME setting is "cm1". If you have a 64 bit
version of Informix server, you need to use gsk8capicmd_64.
-
To configure cm1 to listen for an SSL connection, in the CM's $INFORMIXDIR/ssl create a
keystore file named "cm1.kdb".
$ gsk8capicmd -keydb -create -db cm1.kdb -pw test -type cms -expire 3650 -stash -pqc false
Important: If your GSKit version is >= 8.0.55.28, you have to add '-pqc false' when
creating a keydb
Note: Ensure that this file is owned by the user running oncmsm (usually informix) and has 600
permissions.
-
Obtain the certificate, creating it if necessary. Note its label.
$ gsk8capicmd -cert -create -db cm1.kdb -pw test -dn "CN=`hostname`" -size 2048 -label cm1ListeningCert
-
Import the desired certificate into the keystore.
In the example above, the "cm1ListeningCert" certificate is created in the cm1.kdb keystore.
Below is an example of the importing a certificate in a PEM file into the keystore:
$ gsk8capicmd -cert -add -db cm1.kdb -pw test -file filewithcertificatetoimport.pem -label $INFORMIXSERVER -format ascii -trust enable
-
In cm1's config file set "SSL_LABEL" to the certificate's label:
SSL_LABEL cm1ListeningCert