Configuring TLS on the Data Streamer
You can set up secure communications between the Z Common Data Provider Data Streamer and its subscribers with one-way or two-way TLS.
About this task
Note: Do not configure a proxy if you intend to establish secure communication (one-way or two-way TLS) directly between the Data Streamer and the subscriber. When a proxy is used, the secure connection terminates between the Data Streamer and the proxy. TLS cannot be passed through or extended to the subscriber. As a result, the Data Streamer-to-subscriber connection cannot be secured with TLS when a proxy is in use.
Refer to the following diagram to understand the secure communication enhancements for the Data Streamer:
- Set up one-way TLS authentication for the Data Streamer
  The following scripts are used to configure one-way TLS authentication for the Data Streamer. You can find the provided scripts in the target library: /usr/lpp/IBM/zcdp/v5r1m0/DS/LIB.
  - setupDataStreamerTLS.sh
  - importCertificate.sh
- Set up two-way TLS authentication for the Data Streamer
  The following script is used to configure two-way TLS authentication for the Data Streamer. You can find the provided scripts in the target library: /usr/lpp/IBM/zcdp/v5r1m0/DS/LIB.
  - importKey.sh
Important: One-way authentication creates a truststore on the client and a keystore on the server. Two-way authentication creates a truststore and a keystore on both the client and the server. Therefore, setting up one-way authentication is a prerequisite for two-way authentication.