SSL configuration for IPIC connections

SSL can be defined for local or remote IPIC connections.

Local mode

In local mode, IPIC connections use the SSL key ring settings of either the Java™ base class or the resource adapter.
  1. To configure SSL for the Java base classes:
    1. Create a java.util.Properties object.
    2. Add the following properties:
      1. JavaGateway.SSL_KEYRING_CLASS, <keyring file location>
      2. JavaGateway.SSL_KEYRING_PASSWORD, <password>
    3. Set the properties on the JavaGateway by calling the setProtocolProperties() method, passing the java.util.Properties object.
    4. Define the server name as ssl://<server_name>:<port>. Set the server name on the ECIRequest object and not on the JavaGateway object.
  2. To configure an SSL connection for a resource adapter, edit the connection factory custom properties:
    1. Set the serverName property to ssl://<server_name>:<port>.
    2. Set the keyRingClass property to the location of the key ring file or Java keystore.
    3. If the keyRingClass property specifies a Java keystore, then set the keyRingPassword property to the password of the key ring file.

For more information, see ECI resource adapter deployment parameters and SSL key ring configuration.

Remote mode

To configure the Gateway daemon to use SSL connections to CICS®:

  1. Set the key ring parameters for the Gateway daemon. For more information, see SSL key ring configuration.
  2. To enable SSL on each IPIC connection, set the ssl parameter in the IPICSERVER section of the configuration file to Y.
  3. If you want to limit the cipher suites that are enabled for the connection, set the ciphersuites parameter to a comma separated list of cipher suites to use.