Configuring the IPIC connection on CICS
To complete this task you use an editor to add a parameter to the startup JCL, you then edit the IPCONN autoinstall user program DFHISCIP, you then use a CEDA command to configure the TCPIPService definition and the IPCONN template definition.
- Define the system initialization parameter for the key ring by
adding the following system initialization parameter to the startup
JCL:
KEYRING=CTGSERVERKEYRING
- Configure an IPCONN autoinstall user program DFHISCIP:
- Modify the sample IPCONN autoinstall program to enable the autoinstall
of multiple secure IPCONNs.
CICS® provides the IPCONN autoinstall sample program DFHISxIP in Assembler, C, COBOL, and PL/I , where x is the program language (A, D, C or P). The sample program does not use a template by default, so if you want autoinstall requests to use a template you must update the program. In this example, the COBOL user program DFHISCIP is updated.
- Add the following lines to DFHISCIP to ensure that, when a request
arrives from a Java™ Client with
an APPLID beginning with SSL, the correct IPCONN
template is used to install an IPCONN with the required SSL settings.
If the APPLID starts SSLxxxxx use the SSLIDP template.
IF ISAIC-APPLID(1:3) = 'SSL' MOVE 'SSLIDP ' TO ISAIC-TEMPLATE MOVE ISAIC-APPLID TO ISAIC-IPCONN PERFORM X000-FINIS.
- Compile and link-edit your program into a data set that can be picked up by your CICS server.
- Modify the sample IPCONN autoinstall program to enable the autoinstall
of multiple secure IPCONNs.
- Configure a TCP/IP service:
- Create the following TCPIPService definition:
CEDA View TCpipservice( SSL51190 ) TCpipservice : SSL51190 GROup : SSLGROUP DEScription : IPIC LISTENER Urm : DFHISCIP POrtnumber : 51190 1-65535 STatus : Open Open | Closed PROtocol : IPic IIop | Http | Eci | User | IPic TRansaction : CISS Backlog : 00010 0-32767 TSqprefix : Host : ANY (Mixed Case) : Ipaddress : ANY SOcketclose : No No | 0-240000 (HHMMSS) Maxdatalen : 3-524288 SECURITY SSl : Clientauth Yes | No | Clientauth CErtificate : (Mixed Case) PRIvacy : Supported |Notsupported | Required | Supported CIphers : 050435363738392F303132330A1613100D0915120F0C03060201 AUthenticate : | No | Basic | Certificate | AUTORegister | AUTOMatic | ASserted Realm : (Mixed Case) ATtachsec : Local | Verify
- Ensure that the SSl parameter is set to Clientauth so that client authentication is performed on the connection.
- Create the following TCPIPService definition:
- Configure an IPCONN template:
- Create the following IPCONN definition:
CEDA View Ipconn( SSLIDP ) Ipconn : SSLIDP Group : SSLGROUP DEScription : IPIC CONNECTION IDENTIFIERS APplid : SSLIDP Networkid : Host : (Mixed Case) : Port : No No | 1-65535 Tcpipservice : SSL51190 IPIC CONNECTION PROPERTIES Receivecount : 100 1-999 SENdcount : 000 0-999 Queuelimit : No No | 0-9999 Maxqtime : No No | 0-9999 OPERATIONAL PROPERTIES AUtoconnect : No No | Yes INservice : Yes Yes | No SECURITY SSl : Yes No | Yes CErtificate : CTG PERSONAL CERT (Mixed Case) CIphers : 050435363738392F303132330A1613100D0915120F0C03060201 Linkauth : Certuser Secuser | Certuser SECurityname : Userauth : Identify Local | Identify | Verify | Defaultuser IDprop : Notallowed Notallowed | Optional | Required RECOVERY Xlnaction : Keep Keep | Force
- Use CEDA to install the TCPIPService and the IPConn definitions.
- Create the following IPCONN definition:
You have now configured the IPIC connection on CICS.