JDBC Programmer Reference › Sample SSL Scripts

Sample SSL Scripts

Several sample scripts have been provided to assist you in testing the SSL feature when using a type 3 JDBC connection through the CA-IDMS Java Server running on Unix Systems Services (USS). These scripts are samples only and may need to be tailored to your specific installation. The scripts, their descriptions, and locations are listed following:

USS (within directory "/idmsdir/sampssl"):

• GenServerKey – Generates the Server Key
• ListAllSSLCerts – Lists all Certificates in the Keystore
• ExportServerSSLCert – Exports the Server Key
• SSLStart – Starts the Java Server
• SSLStatus – Checks the Java Server status
• SSLStop – Stops the Java Server

Windows (within directory "/idmsdir/sampssl"):

• GenClientKey.bat – Creates the Client keystore
• ImportSSLCert.bat – Imports the Server Certificate
• ListSSLCert.bat – Lists the Server Certificates
• Jcf_SSL_Testing.bat – Starts the JCF demo app.

The following procedure can be used to create and populate your keystores, and to start both the Java Server and the JCF Demo facility using the appropriate parameters. The JCF Demo application is used to test the SSL feature.

Within OMVS:

1. Ensure that both the HOME and JAVA_HOME environment variables have been properly set for your environment.
2. Copy the contents of the "sampssl"" sub-directory into the CA IDMS Server main directory. All script invocations should occur from the CA IDMS Server main directory.
3. Run the GenServerKey script.
4. Run the ListAllSSLCerts script.
5. Run the ExportServerSSLCert script.
6. Edit the caidms.cfg file and set SSL=1 within the Proxy section.
7. Run the SSLStart script.
8. Run the SSLStatus script.
9. FTP the file created in Step 1e (named "idsslsrv.cer") to the "sampssl" sub‑directory on Windows. This file must be transferred in binary mode.
10. Within Windows:
11. Update your PATH environment variable to include the JAVA/BIN directory for your JRE or JSDK installation.
12. Open a Command Prompt window and issue a Change Directory (CD) command to go to the "sampssl" sub-directory for your CA IDMS Server installation.
13. Run the GenClientKey.bat script
14. Run the ImportSSLCert.bat script
15. Run the ListSSLCert.bat script
16. Run the Jcf_SSL_Testing.bat script
17. Establish a JDBC Type 3 SSL connection to your IDMS data source, making sure to specify "ssl" within the connection URL. For example:

    jdbc:idms:ssl://host-name:port/data-source-name
    

    Once you are done with your testing, stop the Java Server running under USS. To do so, run the SSLStop script within OMVS.