This example shows the steps to configure CM to listen for an SSL connection.
For this example, you have a CM whose config file NAME setting is "cm1":
- To configure cm1 to listen for an SSL connection, in the CM's $INFORMIXDIR/ssl create a
keystore file named "cm1.kdb".
$ gsk8capicmd_64 -keydb -create -db cm1.kdb -pw test -type cms -expire 3650 -stash
Note: Ensure that this file is owned by the user running oncmsm (usually informix) and has 600
permissions.
- Obtain the certificate, creating it if necessary. Note its label.
$ gsk8capicmd_64 -cert -create -db cm1.kdb -pw test -dn "CN=`hostname`" -size 2048 -label cm1ListeningCert
- Import the desired certificate into the keystore.
In the example above, the "cm1ListeningCert" certificate is created in the cm1.kdb keystore.
Below is an example of the importing a certificate in a PEM file into the keystore:
$ gsk8capicmd_64 -cert -add -db cm1.kdb -pw test -file filewithcertificatetoimport.pem -label $INFORMIXSERVER -format ascii -trust enable
- In cm1's config file set "SSL_LABEL" to the certificate's label:
SSL_LABEL cm1ListeningCert