Verastream SDK for Airlines
Setting up the SDK for Secure Connections

You can set up your application to connect without security or through a secure connection using Secure Sockets Layer /Transport Layer Security (SSL/TLS). If you don't need to make a secure connection, you can skip this section.


The Verastream SDK uses the FIPS 140-2 validated RSA BSAFE SSL-J package from RSA to establish secure sessions using the SSL/TLS protocol.  The SSL-J package is validated for use with Java versions 1.6 and higher.  It requires that the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files be installed in the JRE.  Its operation also requires that you set up a keystore file for use in authentication.


If you need to set up more than one client certificate (for example, when you are connecting to more than one host), you will need to set up a separate keystore file for each certificate. (You cannot select from multiple certificates in one keystore).

The default mode of operation for a secure connection is Federal Information Processing Standards (FIPS )140 mode.  This can be disabled (on a per-session basis) by specifying FIPSMode="false" in the session XML (see Defining an XML Configuration).

Install the Java Unlimited Strength Jurisdiction Policy Files

  1. Make sure the system on which you are installing the SDK has the Oracle SE 7u51 JRE or greater with the appropriate Java
    Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files installed.

  2. If these JCE files are not installed, you can download them from The version of the JCE Unlimited Strength Jursiditon Policy files must match the version of the JRE. For installation instructions, refer to the readme file that comes with the JCE Unlimited Strength Jurisdiction Policy Files package.

Set up the Keystore File

  1. Acquire the Certificate Authority (CA) certificate (and all of the required intermediate certificates) that issued the certificate on the host you want to access.

  2. On the system you installed the SDK on, create a keystore and add the CA certifcate (and all intermediate certificates) to the keystore (using a tool such as the Java JDK Keytool).

  3. If the host you connect to does not require client authentication, set up the session parameters as shown in  Define an XML Configuration.

The Verastream SDK supports JKS, BKS, and PKCS12 keystore formats.


Set up For Client Authentication

  1. Request a private certificate and private key from a CA that is trusted on the host. (You can use Keytool to generate and export the request, and then to import the signed certificate. )

  2. Add this private certificate and private key to the keystore that you created when you set up server authentication.        

    The keystore must contain the trusted certificates required by the server for server authentication and the private certifcate and private key required for client authentication.

  3. Set up the session parameters as shown in  Define an XML Configuration.