CICS Transaction Gateway V5 The WebSphere ... - IBM Redbooks

196 CICS Transaction Gateway V5
Valid from: Tue Jun 25 17:10:34 EDT 2002 until: Mon Sep 23 17:10:34 EDT 2002
Certificate fingerprints:
MD5: 6D:5B:C0:14:12:E5:E2:47:C1:8E:FE:B8:D5:9D:08:36
SHA1: AA:8D:BF:D5:74:88:E8:72:D9:83:3D:12:E3:03:F3:2E:54:97:74:58
*******************************************
*******************************************
8.2.2 Configuring the client keyring
For the client side, we used the JSSE library to provide an SSL connection.
In order to test the System SSL protocol, we needed to create a JSSE keystore
that contains the signer certificate for the VeriSign Test Certificate Authority who
signed our server certificate, obtained in 8.2.1, “Configuring the server
certificate” on page 191. This is because the client needs the public key of the
signer, contained inside the signer certificate, to decrypt the server certificate
presented to the client during the SSL handshake. If the server certificate is
decrypted successfully, then the client can trust that the certificate is authentic
and SSL communication can occur.
To test the JSSE SSL protocol, we needed to add our self-signed server
certificate to this JSSE keystore. The client needs to have the signer certificate of
our server to recognize the certificate the SSL protocol will present to it during
the SSL handshake.
Client keystore for SystemSSL and JSSE
To create a keystore for use with SystemSSL and JSSE, we used the iKeyman
tool, provided with the JSSE libraries, on Windows. We performed the following
steps:
1. From a Windows command prompt we changed into the CICS TG bin
directory with the command:
cd C:\Program Files\IBM\IBM CICS Transaction Gateway\bin
2. From a Windows command prompt, we started the iKeyman tool using the
command:
java com.ibm.ikeyman.Ikeyman
The initial window is shown in Figure 8-3 on page 197.