Secure synchronous transfer request

This page describes how to configure SSL for synchronous communication, as well as how to execute a secure transfer request.

Procedure

Begin by defining the SSL configuration for the Transfer CFT server and the client (CFTUTIL). The SSL synchronous communication uses the CFTSSL object to secure the communication between the client and server.

Define the server configuration

CFTSSL server definition for CFTTCOMS (COPCOMS in multi-node)

CFTSSL ID = 'SSLCFTTCOMS',

DIRECT = 'SERVER',

VERSION = 'TLSV1',

CIPHLIST = ( '61', '60', '53', '47', '10'),

USERCID = 'CFTQAUSER',

ROOTCID = ( 'CFTQACA')

CFTSSL definition for CFTMAIN

This is an internal SSL communication between internal tasks, which must be defined.

CFTSSL ID = 'SSLCFTTCOMS',

DIRECT = 'CLIENT',

VERSION = 'TLSV1',

CIPHLIST = ( '61', '60', '53', '47', '10'),

USERCID = 'CFTQAUSER',

ROOTCID = ( 'CFTQACA')

Define the client configuration

The client must be able to access the Transfer CFT server configuration.

Example

CFTSSL

 

 

 

 

ID = 'SSLCFTUTIL',

DIRECT = 'CLIENT',

VERSION = 'TLSV1',

CIPHLIST = ( '61', '60', '53', '47', '10'),

ROOTCID = ( 'CFTQACA')

Add SSL to the CFTCOM object

In the CFTCOM object define the SSL field, which corresponds to the following profiles:

  • server uses for the CFTUTIL client
  • client uses for CFTMAIN (server) for secured internal communication

Example

CFTCOM ID = COMS,

TYPE = TCPIP,

PROTOCOL = XHTTPS,

HOST = HOSTNAME,

PORT = 33098,

DISCTS = 60,

SSL =  'SSLCFTTCOMS'

Client executes a transfer request using synchronous communication

This section describes the two ways to enable SSL for the synchronous communication requests in mono and multi-node configurations.

Note You cannot create a Transfer CFT COM SSL object directly in Central Governance.

Define the uconf cft.coms.ssl_client_id parameter with the name of a CFTSSL object. For example:

UCONFSET id='cft.coms.ssl_client_id', value='SSLCFTUTIL'

 

CONFIG TYPE=COM, MEDIACOM=TCPIP, FNAME=xhttps://hostname:33098

-or-

Use the CONFIG command with an SSL argument. For example:

CONFIG TYPE=COM, MEDIACOM=TCPIP, FNAME=xhttps://hostname:33098, SSL=SSLCFTUTIL

If both are set, the CFTUTIL CONFIG command value is used.

Troubleshooting

For more information on errors and corrective actions, see Synchronous communication return codes.

Related Links