Use of an Existing Certificate - Ironstream_Hub - 1.3.2

Ironstream Hub Installation

Product type
Software
Portfolio
Integrate
Product family
Ironstream
Product
Ironstream > Ironstream Hub
Version
1.3.2
Language
English
Content type
Installation
Product name
Ironstream Hub
Title
Ironstream Hub Installation
First publish date
2022
Last updated
2023-06-15
Published on
2023-06-15T10:06:50.292027

If you have an existing certificate or want to generate the certificate yourself, set this in the source configuration file inside of the Source Directory:

TcpIpServerConfiguration: TlsConfiguration:

AutoGenerateCertificate: false

And specify the paths for this:

TcpIpServerConfiguration: TlsConfiguration :

PathToCertificateFile:

<path to the server.crt file>

TcpIpServerConfiguration: TlsConfiguration : PathToKeyFile:

<path to the server.key file>

Note: The certificate files can be generated by using openssl to issue these commands:

openssl genrsa -out server.key 2048

openssl ecparam -genkey -name secp384r1 -out server.key

openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

Then, use this command to generate the certification cacert.pem which can be imported to mainframe key database and used by Hub.

openssl x509 -in server.crt -out cacert.pem -outform PEM

If Hub is configured to use TLS and the IBM Z agent is not using TLS, then this will be logged as an error and no data will be processed. Conversely, if a TLS client sends data to Hub and Hub is not configured to use TLS, then this will also be logged as a warning without data being processed.