Use of an Existing Certificate - Ironstream_Hub - 1.3.0

Ironstream Hub Installation

Product type
Software
Portfolio
Integrate
Product family
Ironstream
Product
Ironstream > Ironstream Hub
Version
1.3.0
Language
English
ContentType
Installation
Product name
Ironstream Hub
Title
Ironstream Hub Installation
Topic type
Installation
First publish date
2022

If you have an existing certificate or want to generate the certificate yourself, set this in the source configuration file inside of the Source Directory:

TcpIpServerConfiguration: TlsConfiguration:

AutoGenerateCertificate: false

And specify the paths for this:

TcpIpServerConfiguration: TlsConfiguration :

PathToCertificateFile:

<path to the server.crt file>

TcpIpServerConfiguration: TlsConfiguration : PathToKeyFile:

<path to the server.key file>

Note: The certificate files can be generated by using openssl to issue these commands:

openssl genrsa -out server.key 2048

openssl ecparam -genkey -name secp384r1 -out server.key

openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

Then, use this command to generate the certification cacert.pem which can be imported to mainframe key database and used by Hub.

openssl x509 -in server.crt -out cacert.pem -outform PEM

If Hub is configured to use TLS and the IBM Z agent is not using TLS, then this will be logged as an error and no data will be processed. Conversely, if a TLS client sends data to Hub and Hub is not configured to use TLS, then this will also be logged as a warning without data being processed.