Specifying SSL connection for QMF Data Service

Use the SSL area to secure JDBC and HTTP network communication between the QMF Data Service and the Data Service server.

About this task

To specify the SSL connection details for QMF Data Service:

Procedure

  1. From the main menu, click Preferences > QMF Data Service > SSL.
  2. Select the Enable the use of SSL certificates for QMF Data Service check box to specify the SSL connection details for QMF Data Service. Only after selecting this check box, you can configure the Protocol, Server Authentication, and Client Authentication details.
  3. If enabled to use the SSL certificates, select the Protocol version for communication between QMF for Workstation, QMF for WebSphere® or QMF Server and the Data Service server. QMF Data Service supports TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1.
  4. Select the Authentication Strategy options from the radio group:
    • Require server validation: Select if you require all the Data Service server certificates be authenticated and complete the following fields:
      • Truststore: The path name of the file on the local machine. The file must contain the Data Service server certificate authority (CA).
      • Password: The password for the truststore file.
      • Type: The truststore file type. For example, JKS, PKCS12.
    • Allow self-signed certificate: Select to allow the Data Service server to use self-signed certificates and complete the following fields:
      • Truststore: The path name of the file on the local machine. The file must contain the self-signed server CA (certificate authority) certificate.
      • Password: The password for the truststore file.
      • Type: The truststore file type. For example: JKS, PKCS12.
    • Trust all certificates: Select to allow all Data Service server certificates. If enabled, the QMF Data Service does not validate the server certificate.

      The default setting is Require Server Validation.

  5. Select the Enable client authentication check box, to enable client-side authentication. The following fields are only enabled if you select this check box.
    1. Keystore :The path name of the file on the local machine. The file must contain a client certificate which has been signed by the server CA.
    2. Password: The password for the keystore file.
    3. Type . The keystore file type. For example: JKS, PKCS12.
    4. Alias:To confirm that the password is valid and that the alias (label) appears, click Refresh.
  6. Click Apply.
  7. Click Ok.