ESB Endpoint SSL Extensions Panel
You can create or modify ESB endpoint SSL extensions in the ESB Endpoint SSL Extensions panel.
Panel Layout
SXTP07S --------------- ESB Endpoint EMS SSL Extensions ----------------------- Command ===> ESB Id ===> New-ESB1 Use SSL ===> N (N/Y - Use SSL) Authorization Only ===> N (N/Y - SSL Authorization only) Key Ring File ===> Key Ring Label ===> Cipher ===> LDAP URL ===> LDAP USERID ===> LDAP PASSWORD ===> Enable FIPS 140-2 ===> N (N/Y) Enable Trace ===> N (N/Y) Enable Debug Trace ===> N (N/Y) Enable TLS1.1 ===> (N/Y) Enable TLS1.2 ===> (N/Y) Expected Host Name ===> Verify Host Name ===> N (Y/N)
Field Description
The following table lists the fields in the ESB Endpoint SSL Extensions panel:
| Field | Description |
|---|---|
| ESB Id | The name of an ESB endpoint. |
| Use SSL | You can specify whether this ESB uses an SSL connection to Data Server.
Default value: N. |
| Authorization Only | You can specify whether this ESB connection uses SSL only for authentication. If the field is set to
Y, after establishing the EMS Server's identity through SSL, the data transfer is not encrypted.
Default value: N. |
| Key Ring File | The Resource Access Control Facility (RACF) ring name. |
| Key Ring Label | The RACF identity name. |
| Cipher | The IBM cipher codes for encryption. For example: 35363738392F303132 |
| LDAP URL | The URL used to access the LDAP server. |
| LDAP USERID | The user ID used to access the LDAP server. |
| LDAP PASSWORD | If LDAP requires a password, enter the password. |
| Enable FIPS 140-2 | You can specify
Y(es) to use FIPS 140-2, or
N(o) not to use FIPS 140-2.
Default value: N. |
| Enable Trace | You can specify
Y(es) to turn on SSL Trace, or
N(o) to disable SSL Trace.
Default value: N. |
| Enable Debug Trace | You can specify
Y(es) to turn on SSL Debug Trace, or
N(o) to disable SSL Debug Trace.
Default value: N. |
| Enable TLS1.1 | You can specify
Y(es) to turn on TLS 1.1, or
N(o) to disable TLS 1.1.
Default value: Y. |
| Enable TLS1.2 |
You can specify Y(es) to turn on TLS 1.2, or N(o) to disable TLS 1.2. Default value: Y. |
| Expected Host Name | The name of the TIBCO Enterprise Message Service server name that is being interfaced with. |
| Verify Host Name | If you specify Y(es), the name of the TIBCO Enterprise Message Service server is matched against the value specified in the Exp. EMS Host Name field. |
Note: While OpenSSL may work when connecting with the EMS server, Substation ES uses IBM SSl (GSK), which can be more restrictive. In the EMS Server Configuration, add the following to the "trusted list" to allow the connection to be made
"ssl": {
"ssl_server_identity": "_public.pem",
"ssl_issuer_list":
[
{ "issuer": "_Root_CA2.pem" },
{ "issuer": "_Services_CA2.pem" }
],
"ssl_use_cert_username": false,
"ssl_rand_egd": null,
"ssl_trusted_list": [
{ "trusted": "_Root_CA2.pem" }
],
"ssl_auth_only": true,
"ssl_dh_size": 2048, "ssl_require_client_cert": false,
"ssl_password": "XXXXXXX",
"ssl_server_key": "XXXX_private.pem",
"ssl_cert_user_specname": null
},
Copyright © Cloud Software Group, Inc. All rights reserved.