Securing Host Communications

By default, you get a non-secure connection with the host in the Designer. To enable a secure connection (encrypted communication using SSL over HTTPS), you will need to add at least one system property to a file named config.ini. This file is located in a subfolder named configuration where you installed the Bridge Designer.

In a text editor, look for the line labeled System properties, and add these lines:

com.attachmate.cicsbridge.defaultimpl=SOAP
com.attachmate.cicsbridge.defaultsecureconnection=true
javax.net.ssl.trustStore=Location of keystore file

You may find that these properties already exist in the file; they just need to be uncommented and updated. A line that starts with a number sign (#) is a comment.

Because the Bridge Designer is a Java application, you will need to create a trust store with the Java keytool utility. Update the path indicated for the javax.net.ssl.trustStore property to point to the trust store file you have created. There is a certain amount of administration required. For example, you will need to import your certificate(s) with the keytool utility. Depending on the type of authentication, level of encryption, and particular encryption algorithms you have chosen, you may need to add additional system properties to config.ini for the connection to work. See the Java Development Kit documentation on SSL for more information.

Securing the connection when using the Java client is also done using system properties. See the JavaDocs for more information.

In a similar way, you use system environment variables to secure the connection when using the .NET client. Instead of adding certificates to a trust store, though, your certificates must be added to a certificate collection on the Web service itself. See the .NET client documentation for details.

Related Topics
Bullet Protecting Sensitive Data
Bullet Configuring for Client Authentication
Bullet CICS 3270 Bridge Interface API Guides
  Attachmate