Enabling Secure Sockets Layer (SSL)

IBM® InfoSphere® Information Server supports Secure Sockets Layer (SSL) communication between the application server and client components. If your environment requires confidentiality at the EJB or HTTP level, you can enable SSL.

About this task

SSL is not enabled by default within InfoSphere Information Server. If you do not configure HTTPS, HTTP is used instead. SSL adds greater security to your system, but also requires more administrative work and can be error-prone. SSL carries a performance impact, so carefully consider the benefits and drawbacks before enabling SSL. You might not need SSL if you have a strong firewall in place, but SSL provides the following benefits:
Encryption
Data sent over an SSL connection is encrypted.
Identification
Communication is permitted only if the server is positively verified. Before communications begin, the server sends the client a certificate. The signature in the certificate is decrypted by the client to verify the authenticity of the sender.

You enable SSL for inbound secure HTTP (HTTPS) and inbound RMI/IIOP (EJB communication) client-server communication.

Procedure

  1. Configure the application server to communicate by using SSL.
  2. Configure InfoSphere Information Server components on the following tier computers to use SSL.
    Engine tier computers Services tier computers Client tier computers
    • Agents
    • Command-line tools
    • Command-line tools
    • Command-line tools
    • Rich client programs

    Rich client programs include the InfoSphere Information Server console, the IBM InfoSphere DataStage® and QualityStage® Director, Designer, and Administrator clients, and the IBM InfoSphere FastTrack client
  3. Use one of the following methods to configure rich client programs to communicate with the application server by using HTTPS.
    Method Procedure
    Manual Edit configuration files on each computer that contains the components, and install the HTTPS certificate on the computer
    Automatic Configure the components from within the installation program during installation (this method is available for most installation scenarios)
    You must use the manual method in the following scenarios:
    • You install WebSphere® Application Server by using the InfoSphere Information Server installation program. In this case, you must use the manual method after installation to configure the services tier for HTTPS. If you install the client tier or the engine tier in the same installation pass, you must also manually configure the tiers that you install in the pass for HTTPS.
    • You install the client tier only in an installation pass, either on a computer that has no other tiers installed, or on a computer that has other tiers installed. In this case, you must use the manual method after installation to configure the client tier for HTTPS.
  4. After SSL is enabled, specify the following HTTPS information:
    Tool type Procedure
    To access web-based InfoSphere Information Server client tools Specify an HTTPS URL and port in the web browser
    To access rich client tools Specify an HTTPS-enabled port when logging in to each tool
Parent topic: Configuring IBM InfoSphere Information Server