Using SSL with ECI Programs

Describes how to configure an enterprise server to use SSL with ECI via either the Micro Focus or the IBM API.

To establish secure communication between the ECI API (Micro Focus or IBM) and Enterprise Server, you need a Java keystore that includes Enterprise Server trusted certificates that can be used by Java ECI programs. You then import your trusted root certificate into the keystore. Once the keystore is ready, execute the java command to complete the configuration.

Generate a Keystore
  1. Generate a Java keystore using the keytool command provided with the JDK. For example: 
    keytool -genkey -alias esServer -keyalg RSA -keystore estrustStore.jks
  2. Provide a password for the generated keystore. (Optional)
Import the Trusted Root Certificate
Here, you set the trusted root certificate to verify the certificate provided by Enterprise Server.
  1. Import the trusted root certificate into your generated Java keystore using the keytool command. For example: 
    keytool -import -alias esrootcert
-file CARootcert.pem -keystore estrustStore.jks
  2. If prompted, provide a password for the keystore.
Execute the java Command
Execute the java command for your ECI programs using the following command-line arguments: 
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStore=c:/MySubversionProjects/ccl/ssl/esRootCert.jks
-Dcom.sun.net.ssl.checkRevocation=true
Important: If you are using the ECI library with the IBM JRE, include the following additional command-line argument: 
-Dmf.ssl.algorithm=Ibmx509

For more information on Enterprise Server and CA certificates, see the Secure Communications (SSL) topic under Deployment. We also provide a demo CA you can use to test your SSL connections. See Using the Demonstration Certificate Authority for details.

Parent topic: ECI Implementation (mfccl.jar)
Related reference
Using SSL with the CICS Resource Adapter
Using SSL with the CICS IBM ECI Resource Adapter