Configuring a secure SSL connection

You can secure the IPIC connection from the JCA remote ECI resource adapter to CICS® by using SSL.

About this task

Complete the following steps to configure a secure SSL connection.

Completing this setup provides SSL with trusted Certificates exported from both MVS and the local client. An MVS user ID and password are also required for authentication.

Procedure

  1. Set up a CICS RACF® environment.
    For more information, see Configuring SSL server authentication on the CICS server .
  2. Set up the client security.
    For more information, see Configuring SSL server authentication on the client.
  3. Configure the client authentication.
    For more information, see Configuring SSL client authentication.
  4. Configure the IPIC connection on CICS.
    For more information, see Configuring the IPIC connection on CICS .
  5. Modify your server.xml to use the local KeyRingClass that was created in Step 2 and send your user ID and password. 
    
<connectionFactory id="com.ibm.cics.wlp.jca.local.eci"
jndiName="eis/ECI">
<properties.com.ibm.cics.wlp.jca.remote.eci
serverName="ssl://hostname:port"
keyRingClass="C:\Users\IBM_ADMIN\Documents\CICS\JCA\ctgclientkeyring.jks"
keyRingPassword="password"
userName="user_ID"
password="*******"
applid="JCASSL"
applidQualifier="ABCDEFGH"
/>
</connectionFactory>

Results

The JCA remote ECI resource adapter secures requests to CICS by using SSL and the key ring, user ID, and password that are specified in server.xml.