Using TLS/SSL with the CICS IBM ECI Resource Adapter

After installing and configuring the Micro Focus CICS IBM ECI resource adapter, including enabling TLS, you can perform further configuration to establish secure communication between the resource adapter and Enterprise Server. To do this, generate a Java keystore that includes Enterprise Server trusted certificates that can be used by CICS resource adapter programs; then import your trusted root certificate into the keystore.

Configure the RA and Enable TLS

See CICS IBM ECI Resource Adapter Configuration for more information.

To generate a keystore:

  1. Generate a Java keystore using the keytool command provided with the JDK. For example: 
    keytool -genkey -alias esServer -keyalg RSA -keystore estrustStore.jks
  2. Optionally, you can provide a password for the generated keystore.

To import the trusted root certificate you set the trusted root certificate to verify the certificate provided by Enterprise Server:

  1. Import the trusted root certificate into your generated Java keystore using the keytool command. For example: 
    keytool -import -alias esrootcert
-file EC_CAcollection.pem -keystore estrustStore.jks
  2. If prompted, provide a password for the keystore.

See Secure Communications (TLS/SSL) for more information on Enterprise Server and CA certificates. Micro Focus also provide a demonstration CA you can use to create the certificates and keys you need to test your TLS connections. See Using the Demonstration Certificate Authority for more information.

Micro Focus recommends that you review the topics listed under Related reference below.

Parent topic: CICS IBM ECI Resource Adapter
Related concepts
Secure Communications (SSL)
Using the Demonstration Certificate Authority
Related reference
Using TLS/SSL with ECI Programs
CICS Program Call with Commarea using SSL
WebSphere CICS IBM ECI Resource Adapter Configuration
JBoss EAP CICS IBM ECI Resource Adapter Configuration