Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • PowerExchange for CDC and Mainframe 10.5.9
  • All Products

Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. DTLDESCRIBE Metadata
  12. PowerExchange Globalization
  13. Using the PowerExchange ODBC Drivers
  14. PowerExchange Datatypes and Conversion Matrix
  15. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  16. Appendix B: PowerExchange Glossary

Reference Manual

Reference Manual

Back Next

PowerExchange SSL Configuration Steps

PowerExchange SSL Configuration Steps

Before you begin SSL configuration for PowerExchange, your organization should have a local CA certificate from a well-known CA vendor. A self-signed CA certificate can be generated instead for internal use, such as connections within your organization's network or internal testing.
The steps described in this task should be performed by security administrators. Security administrators have specific permissions and system access that allow them to generate and manage security certificates and policy files.
All certificates created for use with PowerExchange must be generated to the X.509 standard. For example, the PKCS7 format meets the X.509 standard, so it can be used to generate the certificates.
To implement SSL support in PowerExchange, complete the following tasks:
  1. Configure each z/OS server.
    1. Configure the DBMOVER file for the PowerExchange Listener and specify the ports to be used for secure connections.
    2. Update the rules in AT-TLS policy file specifying the job names and ports to be used for secure connections.
    3. Make a personal certificate available on z/OS.
  2. Configure each Linux, UNIX, Windows or IBM i machine.
    1. Create a CA certificate.
    2. Create a personal certificate.
    3. Customize the DBMOVER configuration file on the server.
  3. If remote peer certificate validation is performed, then the Certificate Authority that issued the remote certificate must be present as a trusted CA in the local system:
    1. On z/OS, a remote peer (client) certificate is requested from the client during the handshake if the AT-TLS rule specifies a Handshake Role of "ServerWithClientAuth”, but not if the Handshake Role is “Server”. If a client certificate is requested, its validation by AT-TLS is controlled by the AT-TLS ClientAuthType option of Passthru, Full, Required, or SAFCheck. For the Passthru or Full options, it is valid for the client not to provide a certificate. Except for the Passthru case, a received certificate will be validated by AT-TLS.
      The underlying cryptographic services used by AT-TLS (z/OS System SSL) expect that the certificate is well-formed even if AT-TLS is not to perform full validation. PowerExchange does not process certificates in any way.
    2. On non- z/OS listeners, remote peer (client) certificate request and validation is performed according to the SSL_REQ_CLNT_CERT parameter.
    3. On Linux, UNIX, and Windows clients, remote peer server certificate validation is performed according to the SSL_REQ_SRVR_CERT and ALLOW_SELF_SIGNED parameters.
  4. Verify the secure connections between PowerExchange clients and servers using DTLREXE PING.
0 COMMENTS
We’d like to hear from you!