| Change type | Description |
|---|---|
| Updated in 6.0.05 | Instructions for generating a self-signed certificate and enabling TLS. |
Generate a self-signed certificate
```
C:/PreciselyConnect/ConnectCDCV60>kernel/configuretls.cmd
Creating certificate file C:/Users/Administrator/.cdc/certs/connect-cdc-keystore.p12...
Exporting certificate C:/Users/Administrator/.cdc/certs/connect-cdc.crt from Keystore file:
C:/Users/Administrator/.cdc/certs/connect-cdc-keystore.p12
Importing certificate C:/Users/Administrator/.cdc/certs/connect-cdc.crt into Trustore file:
C:/Users/Administrator/.cdc/certs/connect-cdc-trustore.p12 with alias connect-cdc
Certificate generation complete.
Enabling TLS configuration...
Updating file: C:/PreciselyConnect/ConnectCDCV60/kernel/wrapper.conf
Updating file: C:/PreciselyConnect/ConnectCDCV60/director/omnient.ini
Updating file: C:/PreciselyConnect/ConnectCDCV60/kernel/startmoncon.cmd
Updating file: C:/PreciselyConnect/ConnectCDCV60/kernel/startconsole.cmd
Updating file: C:/PreciselyConnect/ConnectCDCV60/kernel/startlistener.cmd
```

By default, this utility creates a keystore and a truststore as PKCS12 files in the $HOME/.cdc/certs folder, along with a .crt file that holds the certificate. It also creates a certs.json file containing the keystore and truststore passwords. After the certificate is created, the configuration files listed in the example output are updated so that Connect CDC runs in secure mode.
Configure TLS manually
- Use keytool to generate a self-signed certificate. For example:

```
keytool -genkeypair -alias connect-agent -keyalg RSA -keysize ${KEY_SIZE} -storetype ${STORE_TYPE} -keystore ${KEYSTORE_FILE} -validity <num_days> -storepass "${TRUSTSTORE_PASSWORD}" ${KEYPWD_OPTION} -dname "CN=CommonName, OU=OrganizationalUnit, O=Organization, L=Locality,ST=StateOrProvinceName,C=CountryName"
```

- Export the certificate. For example:

```
keytool -export -alias connect-cdc -file connect-cdc.crt -keystore ${KEYSTORE_FILE} -storepass "${TRUSTSTORE_PASSWORD}" -storetype ${STORE_TYPE}
```

- Import the certificate into a truststore so that it is trusted. For example:

```
keytool -import -alias connect-cdc-trust -file connect-cdc.crt -keystore ${TRUSTORE_FILE} -storepass "${TRUSTSTORE_PASSWORD}" ${KEYPWD_OPTION} -storetype ${STORE_TYPE} -noprompt
```

Note: The keystore and truststore can be the same file or different files.

- Configure the kernel/wrapper.conf file and add these properties:

```
wrapper.java.additional.4=-Dwrapper-debug=false
wrapper.java.additional.5=-Dconfiguration.file=../conf/cdc_connect.properties
```

- Adjust director/omnient.ini and add this property:

```
SelfSignedCertificate=C:/Users/Administrator/.cdc/certs/cert.json
```

- Adjust the following files:
  - kernel/startmoncon.cmd
  - kernel/startconsole.cmd
  - kernel/startlistener.cmd

  Add these properties:

```
-Dconnect.cdc.tls.config_file="C:/Users/Administrator/.cdc/certs/cert.json" -Dssle
```

- Create the certs.json file with the following content:

```json
{
  "connectTLS": {
    "certificateInfo": {
      "keyStoreType": "PKCS12",
      "keyStorePassword": "g/+sbUmgwitP7EOa",
      "keyCertificateAlias": "connect-cdc",
      "keyStoreFile": "C:/Users/jack.smith/.cdc/certs/connect-cdc-keystore.p12",
      "trustStoreType": "PKCS12",
      "trustStorePassword": "858jnCbq5b1v8BPE",
      "trustStoreFile": "C:/Users/jack.smith/.cdc/certs/connect-cdc-trustore.p12"
    }
  }
}
```
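A pre-start sanity check for a certs.json of the layout above, added here as an example (this is not Connect CDC code); the function names, the placeholder passwords and the /tmp store paths in SAMPLE are assumptions. It verifies the required keys and the PKCS12 store type, that the referenced store files exist and are DER-encoded, that the file is not group- or world-readable (it holds both store passwords in clear text), and that when keystore and truststore are one file their passwords agree.

```python
# Added example, not Connect CDC code: pre-start checks for a certs.json of the layout shown above.
import json, os, stat, sys

REQUIRED = ("keyStoreType", "keyStorePassword", "keyCertificateAlias", "keyStoreFile",
            "trustStoreType", "trustStorePassword", "trustStoreFile")

# Constructed sample in the page's layout; the passwords and /tmp paths are placeholders.
SAMPLE = {"keyStoreType": "PKCS12", "keyStorePassword": "sample-only-1", "keyCertificateAlias": "connect-cdc",
          "keyStoreFile": "/tmp/connect-cdc-keystore.p12", "trustStoreType": "PKCS12",
          "trustStorePassword": "sample-only-2", "trustStoreFile": "/tmp/connect-cdc-trustore.p12"}

def check_store_file(path):
    """PKCS12 is DER, so a genuine store starts with the SEQUENCE tag 0x30. Returns a problem or None."""
    if not os.path.isfile(path):
        return f"file not found: {path}"
    with open(path, "rb") as fh:
        head = fh.read(1)
    return None if head == b"\x30" else f"{path} does not look like a PKCS12 (DER) file"

def check_certificate_info(info, config_mode=0o600, check_files=True):
    """Return the list of problems found in one certificateInfo object; empty means it passed."""
    problems = []
    # certs.json carries both store passwords in clear text, so it should be owner-only.
    if os.name == "posix" and config_mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"certs.json is readable by group/other ({stat.filemode(config_mode)})")
    missing = [k for k in REQUIRED if not info.get(k)]
    if missing:  # the remaining checks need every key present
        return problems + [f"missing or empty {k}" for k in missing]
    for side in ("keyStore", "trustStore"):
        if info[side + "Type"].upper() != "PKCS12":
            problems.append(f"{side}Type must be PKCS12, got {info[side + 'Type']!r}")
        err = check_store_file(info[side + "File"]) if check_files else None
        if err:
            problems.append(f"{side}File: {err}")
    # The page allows one file for both stores; in that case the two passwords must agree.
    paths = {os.path.normcase(os.path.abspath(info[k])) for k in ("keyStoreFile", "trustStoreFile")}
    if len(paths) == 1 and info["keyStorePassword"] != info["trustStorePassword"]:
        problems.append("keystore and truststore are one file but their passwords differ")
    return problems

def check_certs_json(config_path):
    """Load certs.json from disk and check it together with the file's own permissions."""
    with open(config_path, encoding="utf-8") as fh:
        info = json.load(fh).get("connectTLS", {}).get("certificateInfo", {})
    return check_certificate_info(info, os.stat(config_path).st_mode)

if __name__ == "__main__":  # usage: python check_certs.py [path/to/certs.json]
    found = (check_certs_json(sys.argv[1]) if len(sys.argv) > 1
             else check_certificate_info(SAMPLE, check_files=False))
    print("\n".join(found) or "certs.json OK")
    sys.exit(1 if found else 0)
```

Run it against the real file (for example `$HOME/.cdc/certs/certs.json`) before starting the listener; a non-zero exit means at least one problem was printed.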
To set the security and encryption option for the model in Connect CDC Director, from the context menu of the model, go to Model Properties and click the XML/Encryption tab.
Similarly, to set options for a host that differ from the model's, open Host Properties from the host's context menu. That tab provides the same options, plus a model default option.
The Host Properties must specify encryption if encryption was used to start the Connect CDC Listener during installation. If the settings do not match, connections are refused: encrypted model connections to a non-encrypted Listener fail, and vice versa.
The monitoring and control tools use whatever security option is set in the model properties. For example, if the model has authentication but not encryption specified, Connect CDC MonCon has the same security options enabled.
Encryption for the Connect CDC Listener is set up during installation. To change the security options after installation is complete, re-install.
If problems occur with SSL, check the following:
- Installation should have placed the certificate file omnicert in both the /kernel and /director directories. The file must be present in both for authentication to succeed.
- The classpath set in omnient.ini must point to the correct location of these files: omni.jar, jsse.jar, jnet.jar, and jcert.jar.