Configuring the Gateway daemon for SSL

Updating the CICS® Transaction Gateway configuration file (ctg.ini) for SSL.

  1. Edit the ctg.ini file to add the SSL handler definition protocol@ssl.handler=com.ibm.ctg.server.SslHandler.
  2. Add the following parameters to the SSL handler parameters definition protocol@ssl.parameters:
    port
    This parameter identifies the TCP/IP port on which the protocol handler listens for incoming client requests.
    clientauth
    This parameter determines whether client authentication occurs. Valid values are on (client authentication is performed) and off (client authentication is not performed). The default is off.

    For example, if you have taken the optional step of configuring the SSL client authentication:

    protocol@ssl.parameters=port=8573;\
                            clientauth=on;                                        
  3. Add the following parameters to the PRODUCT section:
    keyring
    This parameter specifies the name of the keyring to be used by this protocol handler. For more information, see Key ring file.
    esmkeyring
    This parameter specifies that the SSL keyring is stored in an external security manager (ESM). For more information, see ESM key ring.

    For example:

    SECTION PRODUCT
    KEYRING=CTGKEYRING
    ESMKEYRING=ON
    ENDSECTION 
  4. Save the changes.
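
The following Python check is an added example, not part of the product or its documentation. It parses a ctg.ini fragment and reports which of the settings from steps 1 to 3 are missing, including the case where clientauth is left at its default of off. The function names and the sample file are constructed for illustration, and placing the protocol@ssl lines inside SECTION GATEWAY is an assumption.

```python
import re

# Constructed sample; putting the protocol@ssl lines in SECTION GATEWAY is an assumption.
SAMPLE = """\
SECTION PRODUCT
KEYRING=CTGKEYRING
ESMKEYRING=ON
ENDSECTION
SECTION GATEWAY
protocol@ssl.handler=com.ibm.ctg.server.SslHandler
protocol@ssl.parameters=port=8573;\\
                        clientauth=on;
ENDSECTION
"""

def parse_ini(text):
    """Return {section: {key: value}}, joining backslash-continued lines."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    sections = {}
    current = sections.setdefault("", {})      # holds lines outside any section
    for line in (l.strip() for l in joined.splitlines()):
        if line.upper().startswith("SECTION "):
            current = sections.setdefault(line.split(None, 1)[1].upper(), {})
        elif line.upper() == "ENDSECTION":
            current = sections[""]
        elif "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit_ssl(text):
    """List problems with the SSL handler settings described in steps 1 to 3."""
    sections = parse_ini(text)
    merged = {k: v for s in sections.values() for k, v in s.items()}
    findings = []
    if merged.get("protocol@ssl.handler") != "com.ibm.ctg.server.SslHandler":
        findings.append("SSL handler definition missing or unexpected")
    params = dict(p.split("=", 1) for p in
                  merged.get("protocol@ssl.parameters", "").split(";") if "=" in p)
    params = {k.strip().lower(): v.strip().lower() for k, v in params.items()}
    if not params.get("port", "").isdigit():
        findings.append("port not set to a number")
    if params.get("clientauth", "off") != "on":    # the default is off
        findings.append("clientauth is off: clients are not authenticated")
    if not sections.get("PRODUCT", {}).get("keyring"):
        findings.append("KEYRING not set in SECTION PRODUCT")
    return findings
```

Call audit_ssl() with the text of the edited file after step 4; an empty list means every setting shown above is present and client authentication is on.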