The following procedure leads you through adding the server certificate to the certificate database on the client, which is stored in a Java .class file. Adding the server certificate to the client is necessary because the server uses a self-signed certificate.
Set up the proxy client to exchange encrypted data by completing the following tasks:
The tool that downloads the certificate (KeyringDB) is a Java program. To use this program, you must be running Java 1.1.8 or Java 2 JVM on your client. KeyringDB is part of the IBM iSeries Client Encryption licensed program (5722-CE2 or 5722-CE3) in ssltools.jar. The procedure you use to set up your client to use SSL depends on which version of the licensed program you are running.
After setting up your proxy server, set up your client to use SSL by completing the following steps:
KeyringDB creates a new KeyRing.class file that contains the server certificate and puts it in the com\ibm\as400\access subdirectory off the current directory.
Use the KeyringDB tool to add the server certificate to KeyRing.class by completing the following steps:
From the directory where you put the jar and zip files, run the following command:
java utilities.KeyringDB com.ibm.as400.access.KeyRing -connect proxyServerName:port
where:
For example:
java utilities.KeyringDB com.ibm.as400.access.KeyRing -connect myProxyServer:3471
The jt400Proxy.jar file contains KeyRing.class. To set up the client to use the updated KeyRing.class file, ensure the following are in your CLASSPATH statement:
Because jt400Proxy.jar contains the default copy of KeyRing.class, the directory that contains com\ibm\as400\access\KeyRing.class must be in the CLASSPATH before jt400Proxy.jar.
Note: Instead of adding the directory that contains the KeyRing.class file to your CLASSPATH statement, you can add the new KeyRing.class to your jt400Proxy.jar file. Adding the new KeyRing.class file to jt400Proxy.jar overwrites the old version.
To tell the proxy client to communicate with the proxy server across a secure connection, set the following system properties:
com.ibm.as400.access.AS400.proxyServer=proxyServer
where proxyServer is the name of the machine that is running the proxy server
com.ibm.as400.access.SecureAS400.proxyEncryptionMode=mode
where mode is one of the following integers:
For example, the following command starts an application using SSL:
java -Dcom.ibm.as400.access.AS400.proxyServer=myProxyServer -Dcom.ibm.as400.access.SecureAS400.proxyEncryptionMode=1 myApplication