Example: Using the GSKit encryption library

This example shows the steps to configure CM to listen for SSL connection using the GSKit encryption library.

Use the gsk8capicmd utility of your GSKit installation.

  1. To configure cm1 to listen for an SSL connection, create a keystore file named cm1.p12 in the CM's $INFORMIXDIR/ssl directory.
    $ gsk8capicmd -keydb -create -db cm1.p12 -pw test -type pkcs12 -expire 3650 -stash
    Note: Ensure that this file is owned by the user running oncmsm (usually informix) and has 600 permissions.
  2. Obtain the certificate, either creating it or importing it from a PEM file. Note its label.
     Example command for creating a certificate in the keystore:
    $ gsk8capicmd -cert -create -db cm1.p12 -pw test -dn "CN=`hostname`" -size 2048 -label cm1ListeningCert -ca true -sigalg SHA256WithRSA
    Example command for importing a certificate in a PEM file into the keystore:
    $ gsk8capicmd -cert -add -db cm1.p12 -pw test -file filewithcertificatetoimport.pem -label cm1ListeningCert -format ascii -trust enable
  3. In cm1's config file set "SSL_LABEL" to the certificate's label:
    SSL_LABEL cm1ListeningCert 

Copyright© 2020 HCL Technologies Limited