Example: Using the GSKit encryption library
This example shows the steps to configure CM to listen for SSL connections by using the GSKit encryption library.
About this task
Use the gsk8capicmd utility of your GSKit installation.
Procedure
- To configure cm1 to listen for an SSL connection, create a keystore file named cm1.p12 in the CM's $INFORMIXDIR/ssl directory.
  $ gsk8capicmd -keydb -create -db cm1.p12 -pw test -type pkcs12 -expire 3650 -stash
  Note: Ensure that this file is owned by the user running oncmsm (usually informix) and has 600 permissions.
- Obtain the certificate, either creating it or importing it from a PEM file. Note its label.
  Example command for creating a certificate in the keystore:
  $ gsk8capicmd -cert -create -db cm1.p12 -pw test -dn "CN=`hostname`" -size 2048 -label cm1ListeningCert -ca true -sigalg SHA256WithRSA
  Example command for importing a certificate in a PEM file into the keystore:
  $ gsk8capicmd -cert -add -db cm1.p12 -pw test -file filewithcertificatetoimport.pem -label cm1ListeningCert -format ascii -trust enable
- In cm1's config file, set "SSL_LABEL" to the certificate's label:
  SSL_LABEL cm1ListeningCert
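
Added example (not part of the original procedure or of GSKit): a pre-start check that the keystore and its stash file are owned by the oncmsm user with 600 permissions, and that SSL_LABEL in the CM config file matches the certificate label. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-start checks for the keystore and CM config above.
# Function names are illustrative, not part of GSKit or oncmsm.

# perm_ok FILE OWNER: FILE must be a regular file, mode 600, owned by OWNER
# (user name or numeric uid).
perm_ok() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    want=$(id -u "$2" 2>/dev/null || echo "$2")
    # ls -ldn is POSIX: field 1 = mode string, field 3 = numeric owner.
    got=$(ls -ldn "$1" | awk '{print substr($1, 1, 10), $3}')
    [ "$got" = "-rw------- $want" ] && return 0
    echo "bad owner/mode on $1: $got" >&2
    return 1
}

# ssl_label CFG: print the value of the first uncommented SSL_LABEL line.
ssl_label() {
    awk '$1 == "SSL_LABEL" { print $2; exit }' "$1"
}

# check_cm_ssl KEYSTORE CFG LABEL OWNER: run all checks, non-zero on failure.
check_cm_ssl() {
    ks=$1 cfg=$2 label=$3 owner=$4 rc=0
    perm_ok "$ks" "$owner" || rc=1
    # -stash writes the password to a .sth file beside the keystore;
    # anyone who can read it can open the keystore.
    sth="${ks%.*}.sth"
    if [ -f "$sth" ]; then perm_ok "$sth" "$owner" || rc=1; fi
    if [ "$(ssl_label "$cfg")" != "$label" ]; then
        echo "SSL_LABEL in $cfg is not $label" >&2
        rc=1
    fi
    return $rc
}

# Usage (paths are assumptions):
# check_cm_ssl "$INFORMIXDIR/ssl/cm1.p12" "$INFORMIXDIR/etc/cm1.cfg" cm1ListeningCert informix
```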