Authentication

The following figure illustrates the authentication process using the TLS or SSL protocol:

The following steps occur during authentication:

  1. The PNODE (client) sends a control block containing protocol (TLS or SSL) and cipher information to the SNODE (server). The SNODE confirms that it has a record defined in its Connect:Direct® Secure Plus parameter file for the PNODE, and determines if a common cipher can be found and used for secure communication. Cipher suites are used to encrypt the data being sent between nodes. If the SNODE finds a record for the PNODE in its IBM Connect:Direct Secure Plus parameter file and verifies it has a cipher defined in common with the PNODE, a common cipher is negotiated and the session continues.
  2. The SNODE sends its ID certificate to the PNODE, which confirms that it has a record defined in the IBM Connect:Direct Secure Plus parameter file. Information for creating a public key is included. The PNODE verifies the ID certificate of the SNODE using the trusted root certificate file defined in its IBM Connect:Direct Secure Plus parameter file, and generates a session key.
  3. If client authentication is enabled on the SNODE, the SNODE requests an ID certificate from the PNODE. The PNODE sends its ID certificate defined in its IBM Connect:Direct Secure Plus parameter file to the SNODE for verification against the trusted root certificate file specified in the SNODE's IBM Connect:Direct Secure Plus parameter file. If a common name was also specified in the IBM Connect:Direct Secure Plus parameter file for the PNODE, this name is used to verify the common name field of the PNODE's certificate.
  4. The SNODE confirms that a secure environment is established and returns a secure channel message.
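Steps 2 to 4 above, as an added example written for this page in Go with the standard crypto/tls package; it is not Connect:Direct code. The PNODE (client) validates the SNODE certificate against a trusted root, the SNODE requires a PNODE certificate that chains to the same root, and a `VerifyPeerCertificate` callback performs the step-3 common name check. The `issue` and `Authenticate` functions, the node names and all certificates are constructed here for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"time"
)

// issue makes a short-lived ECDSA certificate for name (CN and SAN); nil parent = self-signed root. Constructed test material.
func issue(name string, ca bool, parent *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	signer := &tls.Certificate{Leaf: t, PrivateKey: key} // self-signed unless an issuing CA is given
	if parent != nil { signer = parent }
	der, _ := x509.CreateCertificate(rand.Reader, t, signer.Leaf, &key.PublicKey, signer.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Authenticate replays steps 2-4 over an in-memory pipe: the PNODE validates the SNODE against root (step 2),
// and the SNODE requires a PNODE certificate chaining to root whose common name equals wantCN (step 3).
func Authenticate(root, snode, pnode tls.Certificate, wantCN string) error {
	pool := x509.NewCertPool() // stands in for the trusted root certificate file of both nodes
	pool.AddCert(root.Leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{snode}, ClientCAs: pool, MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true,
		// Runs only after the chain to root has been validated: this is the step-3 common name check.
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			if chains[0][0].Subject.CommonName != wantCN {
				return errors.New("PNODE certificate common name does not match the configured name")
			}
			return nil
		}}
	cliCfg := &tls.Config{Certificates: []tls.Certificate{pnode}, RootCAs: pool, MinVersion: tls.VersionTLS12,
		ServerName: snode.Leaf.Subject.CommonName}
	c, s := net.Pipe()
	errc := make(chan error, 1)
	go func() { err := tls.Server(s, srvCfg).Handshake(); s.Close(); errc <- err }()
	cerr := tls.Client(c, cliCfg).Handshake()
	c.Close()
	return errors.Join(cerr, <-errc) // nil only when both sides accepted each other (step 4)
}
```

A PNODE certificate issued by a root the SNODE does not trust fails chain validation before the common name is even compared, so the name check alone is never sufficient.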