Configuring SSL security between a Java Client and the Gateway daemon (SC05)

This scenario shows you how to configure SSL security on the Gateway daemon, configure SSL server authentication and (optionally) SSL client authentication, and send an ECI request to the CICS® server to check that the SSL connection works.

In this scenario, when the Java™ client attempts to connect to the Gateway daemon's SSL protocol handler, an SSL handshake between the Java client and the Gateway daemon is performed to authenticate the server and to establish the cryptographic keys which are used to protect the data to be transmitted. The scenario includes an optional step where the Gateway daemon requests the Java client to authenticate itself by providing its public key and digital certificate. This is known as client authentication.

The following figure shows the topology used in this scenario.

In this topology the Java client is running on Windows. CICS Transaction Gateway is running in the same IBM z/OS LPAR as CICS.
Figure 1. Topology used in this scenario

Follow the step-by-step instructions in this scenario using the following values:

Component | Parameter | Where set | Example value
--- | --- | --- | ---
CICS TG | protocol@ssl.handler | SECTION GATEWAY in ctg.ini | com.ibm.ctg.server.SslHandler
CICS TG | port | In the protocol@ssl.parameters parameters in the SECTION GATEWAY in ctg.ini | 8573
CICS TG | clientauth | In the protocol@ssl.parameters parameters in the SECTION GATEWAY in ctg.ini | on
CICS TG | keyring | SECTION PRODUCT in ctg.ini | CTGKEYRING
CICS TG | esmkeyring | SECTION PRODUCT in ctg.ini | on
RACF® | user ID | RACDCERT command | CTGUSER
RACF | name (self-signed certificate) | RACDCERT command | CTG CA CERT
RACF | name (personal certificate) | RACDCERT command | CTG PERSONAL CERT
RACF | name (keyring) | SECTION PRODUCT in ctg.ini | CTGKEYRING
RACF | filename (personal certificate) | RACDCERT command | CTGUSER.PERSONAL.CERT
Java Client | filename (personal certificate) | FTP command | client.personal.cert.arm
Java Client | keyring filename | iKeyman | myclientkeyring.jks
Java Client | password | iKeyman | mypassword
Java Client | label | iKeyman | cics tg racf server certificate

The sample configuration and environment variable files for this scenario are:
  • ctg.ini
  • CTGS05NV
The sample files are installed in UNIX directory <install path>/samples/scenarios/sc05 and in the <install.hlq>.SCTGSAMP library.
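
As an added example (not IBM's sample ctg.ini and not product code), the following Python check parses a ctg.ini and reports where its SSL settings deviate from the values listed in the table for this scenario. The file layout (SECTION/ENDSECTION blocks, key=value lines, ';'-separated sub-parameters, '\' line continuation), the embedded sample, and the names parse_ctg_ini and audit_ssl are assumptions of this example.

```python
import re

# Constructed sample, not the shipped file. Layout is assumed: SECTION/ENDSECTION
# blocks, key=value lines, ';'-separated sub-parameters, '\' continuation.
SAMPLE_CTG_INI = """\
SECTION PRODUCT
    keyring=CTGKEYRING
    esmkeyring=on
ENDSECTION
SECTION GATEWAY
    protocol@ssl.handler=com.ibm.ctg.server.SslHandler
    protocol@ssl.parameters=port=8573;\\
                            clientauth=on;
ENDSECTION
"""

def parse_ctg_ini(text):
    """Return {SECTION: {key: value}} with continuation lines joined."""
    text = re.sub(r"\\\s*\n\s*", "", text)
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.upper().startswith("SECTION "):
            current = sections.setdefault(line.split(None, 1)[1].upper(), {})
        elif line.upper() == "ENDSECTION":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit_ssl(text, require_clientauth=True):
    """List deviations from the SSL values in this scenario's table."""
    cfg = parse_ctg_ini(text)
    gw, prod = cfg.get("GATEWAY", {}), cfg.get("PRODUCT", {})
    params = {k.strip().lower(): v.strip() for k, _, v in
              (p.partition("=") for p in gw.get("protocol@ssl.parameters", "").split(";"))}
    clientauth_ok = not require_clientauth or params.get("clientauth", "").lower() == "on"
    checks = [
        (gw.get("protocol@ssl.handler") == "com.ibm.ctg.server.SslHandler",
         "protocol@ssl.handler is not com.ibm.ctg.server.SslHandler"),
        (params.get("port", "").isdigit(), "no numeric port in protocol@ssl.parameters"),
        (clientauth_ok, "clientauth is not on: Java clients are not authenticated"),
        (bool(prod.get("keyring")), "no keyring in SECTION PRODUCT"),
        (prod.get("esmkeyring", "").lower() == "on",
         "esmkeyring is not on (scenario uses a RACF keyring)"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Pass require_clientauth=False when the optional client authentication step of the scenario is skipped.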