Enabling TLS for IMS Remote Source

Before you begin

Follow the instructions in Creating a private keystore and a trust store for encryption to create a private keystore and a truststore as needed.

Procedure

1. Enable TLS by creating tls.properties in the Docker classiccdc volume.
2. Uncomment and update the properties files as needed:

   #################################################
   # This section is for configuring IMS Remote Source connections between: Classic Data Architect, Access Server, the log reader, and the target agent.  
   
   trustStorePath=/path/to/trust.jks
   trustStorePassword=password
   trustStoreType=PKCS12
   
   privateKeyStorePath=/path/to/privatekey.jks
   privateKeyStorePassword=password
   privateKeyStoreType=PKCS12
   
   # enableTLS=true
   

   Where:

   • trustStorePath: The path to the truststore that contains trusted root certificates.
   • trustStorePassword: The password that is required to unlock the truststore .
   • trustStoreType: The type of truststore: Currently PKCS12 is supported.
   • privateKeyStorePath: The path to the private keystore that contains the private key and public certificate chain.
   • privateKeyStorePassword: The password that is required to unlock the privatekeystore.
   • privateKeyStoreType: The type of truststore: Currently PKCS12 is supported.
   • enableTLS: Whether to enable TLS: true or false.
3. Note that both a truststore and private keystore are required by tls.properties.

   For more details, see CAC00150E Setup for client connections failed using COMMSTRING.

4. Once configuration is done, restart the container for the changes to take effect.

Note

Once TLS is enabled on IMS Remote Source, all other replication components must also have TLS enabled.

For Classic Data Architect, see Using CDA to connect to a server configured with AT-TLS.

For Access Server, see Configuring TLS encryption properties for Access Server.

For Target Engine, see the relevant CDC Replication Engine topic under About CDC Replication.