Use IBM Access Client Solutions to assist with configuring Toolbox SSL/TLS connectivity

How To

Summary

The IBM Access Client Solutions product simplifies configuration of SSL/TLS connectivity to an IBM i.
This document can be used to assist with configuration of stand-alone IBM Toolbox for Java applications needing secure connectivity to IBM i.

This document applies to usage of self-signed certificates. Third-party certificates purchased from Entrust, Verisign, Thawte, and so on, might already be available in your JRE keystore. In that case, the necessary certificate authority certificate might already be available to your Java applications.

Environment

For the following examples, it is assumed that:

1) The IBM Toolbox for Java JAR file - jt400.jar, is in the client system's CLASSPATH environment variable. The following is an example.

C:\Users\myUser>set CLASSPATH
CLASSPATH=.;C:\Users\myUser\Downloads\jtopen_9_4\lib\jt400.jar

2) The IBM Access Client Solutions base package must be installed on the client.

3) SSL/TLS is configured on the IBM i Host Servers:

Configuring the SSL Telnet and Host Servers for Server Authentication for the First Time

4) In the Access Client Solutions "System Configurations" function, your IBM i system configuration has the "Use SSL for connection" option selected and "Verify Connection" runs successfully.

Steps

In the primary IBM i Access Client Solutions interface, select the Tools pull-down menu and select "Key Management".

If you are using a self-signed certificate, there is a certificate listed for your IBM i system.

In the "Key database information" section, copy the file path and name. For example, C:\IBM\iAccessClient\Private\myWindowsUserID\cacerts

From a command prompt, test the IBM Toolbox for Java connection with:

> java utilities.JPing myIBMisystem

Test with the SSL option:

> java utilities.JPing myIBMisystem -ssl

Unless the certificate authority certificate exists in the system's default Java keystore, this test fails. So, retest but now specify the same key database file that IBM i Access Client Solutions uses for its connection:

> java -Djavax.net.ssl.trustStore=C:\IBM\iAccessClient\Private\myWindowsUserID\cacerts utilities.JPing myIBMisystem -ssl

The results look like the following if successful:

Verifying connections to system rch730b...

Successfully connected to server application:  as-file-s
Successfully connected to server application:  as-netprt-s
Successfully connected to server application:  as-rmtcmd-s
Successfully connected to server application:  as-dtaq-s
Successfully connected to server application:  as-database-s
Successfully connected to server application:  as-ddm-s
Successfully connected to server application:  as-central-s
Successfully connected to server application:  as-signon-s
Connection verified

Any stand-alone IBM Toolbox for Java applications are able to make SSL/TLS connections by using the same key database file IBM i Access Client Solution uses. Set the Java truststore and specify "secure=true" (JDBC Connection property) or reference SecureAS400 objects in any toolbox Access classes.

Related Information

Setup Instructions for Making Secure Sockets Layer (SSL) Connections with the I…

How can IBM i Access Client Solutions share a common SSL Environment?

Secure Sockets Layer/Transport Layer Security - What's new for IBM® i 7.3

Toolbox for Java JTOpen download

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSRQKY","label":"IBM i Access Client Solutions"},"Component":"IBM Toolbox for Java","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Tips

Use IBM Access Client Solutions to assist with configuring Toolbox SSL/TLS connectivity

How To

Summary

Environment

Steps

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?