Extend Communication by SSL

In this chapter, the communication from the chapter Setup Basic Communication is going to be extended by a SSL encryption. 

For a SSL encryption a trust- and a kestore is required. The truststore contains the certificates of the remote site (or of the communication partners). The keystore contains the own private key. In i-effect, a file is delivered that can be used for both and is referenced with the special value *OFTP2.

The default path is: /home/ieffect/OFTP2/keystore.p12

It is assumed that SSL is also activated on the remote site.

Step 1 - Enter the keystore in the certificate management

After ensuring that key- and truststore are availabe on the system i, the private key must first be stored in the certificate management. It is used by the server for the SSL encryption during a session. For this, please proceed as follows: 

Create certificate

Go to the menu item communication and select the site profile. 

Open the context menu by right-clicking on the server entry and select manage certificates. 

Now click on the plus sign to create a new certificate. 

Fill in form 

Enter the relevant data (information about your KeyStore) and confirm with save. 

Step 2 - Activate SSL encryption and deposit truststore

Der Truststore wird für die Verbindung zum Partner benötigt. Im Serverprofil muss der Truststore eingerichtet und die SSL-Verschlüsslung aktiviert werden. Hierfür führen Sie bitte die folgenden Schritte durch:

Deposit Truststore 

Go to the menu item Communication → Profile and select with right-click the context menu of the respective server profile (*RECEIVE). Click edit entry.

Fill form

Select use SSL. 

Subsequently, further configuration settings appear. At Select keystore, select *OFTP2 and click apply selection.