To use SSL, both the client (the IMS TM resource adapter) and the server (IMS Connect) must be configured.
About this task
To configure the IMS TM resource adapter
and IMS Connect for SSL:
Procedure
-
Decide if client authentication is required on the SSL server, IMS Connect. If client authentication is not required, skip to step
3.
Recommendation: Us client authentication to protect against
unauthorized access to IMS Connect.
-
When client authentication is required, the client must have a signed certificate in the
server's truststore or keyring.
-
Obtain signed certificates and a private key for the client.
-
On the client, create a keystore and insert the client's private key and certificate.
-
On the server (IMS Connect), insert the client's public
key certificate into the keyring. See IMS Version 14 Communications and Connections for more
information.
-
On the client, create a truststore (another optional keystore) and insert the server's
public key certificate . Alternatively, insert the public key certificate into the client
keystore if trusted and non-trusted certificates are stored in the same keystore.
-
Decide which IMS Connect SSL port to use. Set up the
IMS Connect and SSL configuration members with the
appropriate values.
For more information about setting up these configuration members, see IMS Version 14 Communications and Connections.
-
Set up the connection factory with the appropriate SSL parameters, including the port
number from step 4.
-
Bind the application to the SSL connection factory.
Results
Tip: If the SSLEncryption value is set to ENULL, performance is faster than
SSL connections that use Strong or Weak encryption. The level of improvement depends on several
factors, including whether hardware or software encryption is used. In general, hardware
encryption is faster than software encryption.