As an administrator of Enterprise Server, you can improve the security of communications for HTTP (web) traffic using TLS
(formerly called SSL) by creating and configuring an HTTPS listener, as follows:
- In ESCWA, click Native.
- In the navigation pane, click the enterprise server region you wish to modify.
- Click and click the communications process in the middle pane.
- Click New Listener.
  This opens the Listener Properties pane.
- In the Name field, type a name for the listener.
- In the Port field, type a port for the listener. This should be a port not currently in use on your system. The default port for HTTPS is 443.
- Click TLS Settings.
- Check Enable TLS.
- Enter the full paths to your server certificate and private key files in the Certificate and Keyfile fields respectively.
  Note: Once you have specified a certificate and keyfile, you can configure the listener to use TLS protocols and cipher suites. See Configuring a Listener to use TLS Protocols and Cipher Suites for more information.
  Note: Enterprise Developer supports the DER, CER, PKCS#7, PKCS#8, PKCS#12 and PEM certificate file formats, and the PKCS#8, PKCS#12 and PEM key file formats.
- Specify the Conversation Type for this listener. For COBOL Web Services and EJBs and Enterprise Server functions such as administration and submitting JCL, choose Web Services and J2EE. For COBOL service deployment, use Web. For testing you can choose Custom and type http-echo, which provides a simple response to HTTP requests.
  Note: Do not use the http-echo conversation type in production. It is intended only for connection testing.
- Click Save.
You can use a similar procedure to configure an existing listener to use TLS. TLS is supported for all conversation types,
not just HTTPS, provided the client also supports TLS.
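
A check you can run after saving the listener, as an added example that is not part of the product documentation: it connects to the listener's port and reports whether TLS is actually negotiated, which protocol and cipher were chosen, and how many days remain on the server certificate. The host name `es-host.example`, the function names and the result keys are assumptions made for illustration.

```python
import socket
import ssl
import time


def days_until(not_after, now=None):
    """Whole days until a certificate 'notAfter' string (from getpeercert) expires."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def probe_listener(host, port, cafile=None, timeout=5.0):
    """Connect to a listener and report whether it negotiates TLS.

    status is one of:
      'unreachable'       nothing is accepting connections on the port
      'handshake_failed'  TCP connects, but the peer does not speak TLS or
                          its certificate is untrusted, expired or mismatched
      'tls'               handshake and certificate validation succeeded
    """
    # The default context verifies the chain and the host name; cafile lets
    # you trust a private CA that issued the listener's certificate.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "status": "tls",
                "protocol": tls.version(),   # negotiated protocol version
                "cipher": tls.cipher()[0],   # negotiated cipher suite name
                "days_left": days_until(cert["notAfter"]),
            }
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raw.close()
        return {"status": "handshake_failed", "detail": str(exc)}


if __name__ == "__main__":
    # Placeholder host and port: use the value entered in the Port field.
    print(probe_listener("es-host.example", 443))
```

A `handshake_failed` result against a listener that answers plain HTTP indicates that Enable TLS was not applied to it; a `tls` result with an unexpected protocol or cipher is the cue to review the listener's protocol and cipher suite settings.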