Example of configuring for an SSL connection

This example shows the steps to configure CM to listen for an SSL connection.

For this example, you have a CM whose config file NAME setting is "cm1":

  1. To configure cm1 to listen for an SSL connection, in the CM's $INFORMIXDIR/ssl create a keystore file named "cm1.kdb".
    $ gsk8capicmd_64 -keydb -create -db cm1.kdb -pw test -type cms -expire 3650 -stash
    Note: Ensure that this file is owned by the user running oncmsm (usually informix) and has 600 permissions.
  2. Obtain the certificate, creating it if necessary. Note its label.
    $ gsk8capicmd_64 -cert -create -db cm1.kdb -pw test -dn "CN=`hostname`" -size 2048 -label cm1ListeningCert
  3. Import the desired certificate into the keystore.

    In the example above, the "cm1ListeningCert" certificate is created in the cm1.kdb keystore. Below is an example of the importing a certificate in a PEM file into the keystore:

    $ gsk8capicmd_64 -cert -add -db cm1.kdb -pw test -file filewithcertificatetoimport.pem -label $INFORMIXSERVER -format ascii -trust enable
  4. In cm1's config file set "SSL_LABEL" to the certificate's label:
    SSL_LABEL cm1ListeningCert 

Copyright© 2018 HCL Technologies Limited