To enable SSL, the proxy server must have a server certificate. Use the IKeyman graphical user interface (GUI) to create the server certificate that the proxy server will use. IKeyman is a GUI tool, so you must run it on a client machine. Once you have created the certificate, you can copy it to the iSeries if your proxy server runs on iSeries.
To set up the proxy server to handle encrypted data, perform the following tasks:
The IKeyman GUI is a Java program based on Java Swing 1.1 interfaces. To use IKeyman, your client must be running the Java 1.1.8 JVM (and the Swing 1.1 plug-in) or the Java 2 JVM.
The IKeyman GUI is part of the IBM iSeries Client Encryption licensed program (5722-CE2 or 5722-CE3) in ssltools.jar. The procedure you use to set up your client to use SSL (and to run IKeyman) depends on which version of the licensed program you are running.
Set up your client to use SSL by completing the following steps:
Note: cfwk.zip must be the first item in your classpath.
You use the IKeyman GUI to create a self-signed certificate.
Note: If the IKeyman GUI stops running, check to make sure that cfwk.zip is the first item in your CLASSPATH and that cfwk.sec is in the same directory as the cfwk.zip.
Create a server certificate for the proxy server by completing the following steps:
java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
Note: Remember the keyring file name, because you need it to start the secure proxy server.
Note: Remember your password, which you need to start the secure proxy server. The key icons in this dialog represent the relative strength of your password. A strong password requires a mix of uppercase and lowercase alphanumeric characters.
You should now be able to see the keyring that you just created in your current directory.
Before starting the proxy server, make sure that the CLASSPATH for the proxy server contains jt400.jar, sslightx.zip, and the location of the proxy server keyring.
Start the Proxy Server using the certificate you just created. Use the -keyringName and -keyringPassword parameters to pass this information to the proxy server. For example:
java com.ibm.as400.access.ProxyServer -keyringName ProxyServerKeyring -keyringPassword pxypswrd