Securing Host Communications


By default, communications with the host are non-secure. To enable a secure connection (encrypted communication using SSL over HTTPS), you will need to add at least one system property to the config.ini file. This file is located in the configuration directory where you installed the Bridge Designer.

In a text editor, look for the line labeled System properties, and add these lines:

com.attachmate.cicsbridge.defaultimpl=SOAP
com.attachmate.cicsbridge.defaultsecureconnection=true
javax.net.ssl.trustStore=Location of keystore file

You may find that these properties already exist in the file; they just need to be uncommented and updated. A line that starts with a number sign (#) is a comment.

Because the Bridge Designer is a Java application, you will need to create a trust store with the Java keytool utility. Update the path indicated for the javax.net.ssl.trustStore property to point to the trust store file you have created. Some administration is required; for example, you will need to import your certificates with the keytool utility. Depending on the type of authentication, level of encryption, and particular encryption algorithms you have chosen, you may need to add additional system properties to config.ini for the connection to work. See the Java Development Kit documentation on SSL for more information.
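One way to check the edited config.ini before starting the Bridge Designer, shown as an added example that is not part of the product or its documentation: it reports properties that are missing, still commented out, set to a value other than the one shown above, or pointing at a trust store file that does not exist. The function names, the sample text and the sample path are assumptions made for illustration.

```python
import os

# Properties this page says to add under "System properties" in config.ini.
REQUIRED = {
    "com.attachmate.cicsbridge.defaultimpl": "SOAP",
    "com.attachmate.cicsbridge.defaultsecureconnection": "true",
    "javax.net.ssl.trustStore": None,  # any path, but the file must exist
}

def parse(text):
    """Return (active, commented) dicts of key -> value from config.ini text."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line, target = raw.strip(), active
        if line.startswith("#"):  # a line starting with # is a comment
            line, target = line.lstrip("#").strip(), commented
        key, sep, value = line.partition("=")
        if sep and key.strip():
            target[key.strip()] = value.strip()
    return active, commented

def audit(text, file_exists=os.path.isfile):
    """List the reasons the connection would not be secured as described."""
    active, commented = parse(text)
    findings = []
    for key, expected in REQUIRED.items():
        if key not in active:
            state = "still commented out" if key in commented else "missing"
            findings.append(f"{key}: {state}")
        elif expected is not None and active[key] != expected:
            findings.append(f"{key}: is {active[key]!r}, expected {expected!r}")
        elif expected is None and not file_exists(active[key]):
            findings.append(f"{key}: no trust store file at {active[key]!r}")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE_BAD = """\
# System properties
com.attachmate.cicsbridge.defaultimpl=SOAP
#com.attachmate.cicsbridge.defaultsecureconnection=true
javax.net.ssl.trustStore=Location of keystore file
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("#com", "com").replace(
    "Location of keystore file", "/opt/bridge/truststore.jks")  # hypothetical path

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print("FAIL", finding)
```

An empty result means only that the three properties are present and the trust store file exists; it does not confirm that the right certificates were imported.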

Securing the connection when using the Java client is also done using system properties. See the JavaDocs for more information.

In a similar way, you use system environment variables to secure the connection when using the .NET client. Instead of adding certificates to a trust store, though, your certificates must be added to a certificate collection on the Web service itself. See the .NET client documentation for details.

 

Related Topics
Protecting Sensitive Data
Configuring for Client Authentication
CICS 3270 Bridge Interface API Guides