Technical Blog Post
Abstract
Configuring SSL between the CLA2 Client adapter and a CLA2 Local or Remote Server
Body
To create a secure TCP connection you will have to activate SSL authentication on both the CLA2 Server and CLA2 adapter.
Recommendation: Before activating SSL between the CLA2 Remote or Local Server and the CLA2 adapter, make sure that the adapter can reach to the server through a TCP connection without SSL.
In the CLA adapter:
1) The "System Authentication Certificate" field should have the value: cla2auth
2) The "Use SSL" option should be set to yes.
3) The SSL Public CA Certificate should be set to "cla2ssl".
If you are connecting to a CLA2 Remote Server, copy the keystore named "cla2_KeyStore.jks" containing both the cla2auth and cla2ssl certificates to the Remote Server under the following path "client/cmdline2/".
You will find the "cla2_KeyStore.jks" keystore in the "<ISBI_Folder>/install/client/cmdline2/" folder in the ISBI filepath.
After finding the keystore, execute the following steps:
1) Copy the "cla2_KeyStore.jks" keystore from ISBI to the "client/cmdline2/" folder in the Remote server.
2) Make sure the "keystoreLocation" parameter in the CmdLine2server.properties from the Remote Server points to the correct location of the keystore (Ex. /client/cmdline2/cla2_KeyStore.jks).
3) Copy the password from the "keystorepassword" parameter located in the <ISBI_Folder>/install/properties/CmdLine2server.properties of the local server to the CmdLine2server.properties of the Remote Server. The password is already encrypted (Ex. CRYPTED:EI++...=)
4) Restart the remote CLA2 Server.
If you are connecting to a CLA2 Local Server, the "cla2_KeyStore.jks" keystore should already be located in the "<ISBI_Folder>/install/client/cmdline2/" folder and the required parameters (keystoreLocation and keystorepassword) should also already be pre-configured in the <ISBI_Folder>/install/properties/CmdLine2server.properties file.
Finally, test the connection to make sure that the CLA2 adapter can connect to the CLA2 server after SSL is activated.
Related Technotes:
"How to renew certificates for CLA2 Adapter and CLA2 Server in ISBI?" http://www-01.ibm.com/support/docview.wss?uid=swg21883788
UID
ibm11121781