Routing and TLS

When configuring a route, you can specify TLS parameters for the connection. Although both participants in a TLS connection must specify a similar set of parameters, each server specifies this information in a different place.

  • The passive server must specify TLS parameters in its main configuration file, tibemsd.conf.
  • When a server initiates a TLS connection, it sends the route’s TLS parameters to identify and authenticate itself to the passive server. You can specify these parameters when creating the route, or you can specify them in the route configuration file, routes.conf.

You can configure the server to require a digital certificate only for TLS connections coming from routes, while not requiring such a certificate for TLS connections coming from clients or from its fault-tolerant peer.

For more information, see ssl_require_route_cert_only.
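
The following pair of configuration fragments is an added illustration, not taken from the product documentation, showing where each side of a TLS route keeps its parameters. Server names, host name, port, file paths and the password are constructed placeholders. The parameter names other than ssl_require_route_cert_only do not appear on this page, so confirm them and their accepted values against the configuration reference for your server version.

```ini
# ---------------------------------------------------------------
# Passive server EMS-B (accepts the route): tibemsd.conf
# ---------------------------------------------------------------
server  = EMS-B
routing = enabled
listen  = ssl://7243

# Certificate and private key the passive server presents
ssl_server_identity = /opt/ems/certs/ems-b.cert.pem
ssl_server_key      = /opt/ems/certs/ems-b.key.pem
ssl_password        = <key-password-placeholder>

# CA certificate(s) used to validate certificates presented by routes
ssl_server_trusted  = /opt/ems/certs/route-ca.cert.pem

# Require a certificate only on TLS connections coming from routes;
# clients and the fault-tolerant peer are not asked for one
ssl_require_route_cert_only = enabled

# ---------------------------------------------------------------
# Active server EMS-A (initiates the route): routes.conf
# The section name is the name of the server at the other end.
# ---------------------------------------------------------------
[EMS-B]
url = ssl://ems-b.example.internal:7243

# Certificate and private key EMS-A sends to identify and
# authenticate itself to the passive server
ssl_identity    = /opt/ems/certs/ems-a.cert.pem
ssl_private_key = /opt/ems/certs/ems-a.key.pem
ssl_password    = <key-password-placeholder>

# Validate the passive server's certificate chain and host name
ssl_trusted           = /opt/ems/certs/route-ca.cert.pem
ssl_verify_host       = enabled
ssl_verify_hostname   = enabled
ssl_expected_hostname = ems-b.example.internal
```

After a change, check that a route presenting no certificate is refused by the passive server while ordinary TLS clients still connect, so the setting is confirmed to apply to routes only.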