Configuring IBM Sterling Connect:Direct nodes to use TLS

Configure TLS server authentication for your IBM® Sterling Connect:Direct® nodes by setting up a public key infrastructure, creating or modifying a policy, and specifying a value for the Connect Direct protocol property. By default, TLS is not enabled for any policies.

Transport Layer Security (TLS) is a cryptographic protocol that is designed to provide communications security over a computer network. It provides integrity, and authenticity by using public key certificates between two or more communicating computer applications.

Before you begin

You must install IBM App Connect Enterprise 12.0.8.0 or later to use this feature.

About this task

You can configure IBM Sterling Connect:Direct nodes to use TLS by changing an existing IBM Sterling Connect:Direct policy or by creating a new IBM Sterling Connect:Direct policy. For more information, see Creating policies with the IBM App Connect Enterprise Toolkit and Connect:Direct Server policy (CDServer).

Procedure

Set up public key infrastructure, creating or modifying the trust store at the integration node or integration server level. For more information, see Setting up a public key infrastructure.
Set the IBM Sterling Connect:Direct message flow node Policy property to reference a IBM Sterling Connect:Direct Policy that has:
- Appropriate values set for the Port number and Host name properties.
- The protocol property set, for example to TLS12. For more information about values for the IBM Sterling Connect:Direct protocol. see https://www.ibm.com/support/pages/connectdirect-application-interface-java-protocol-and-cipher-suite-syntax.
Deploy the policy project that contains your Connect Direct policy to the integration server where your associated message flow is deployed.

Testing your configuration

About this task

Use either a CDInput node, or a CDOutput node to open a TLS connection to an IBM Sterling Connect:Direct server application that is listening on a TCP/IP port.