Activating Encryption for Entire Net-Work

This document describes the steps that must be completed to activate Encryption for Entire Net-Work. It covers the following topic:


Open Systems Activation

The following table lists the steps that must be completed to activate Encryption for Entire Net-Work on LUW.

Step  Description
1     Create or obtain certificates for encryption and authentication.
2     Deploy the certificates you have obtained.
3     Create the text file used to ensure random encryption (optional).
4     Alter the target definitions.

Step 1. Create or Obtain Certificates

Create or obtain the certificates you will need for encryption and authentication.

Various organizations, such as VeriSign, act as external certificate authorities for other companies and supply keys for authentication and encryption as requested by their clients. For Entire Net-Work, you can use an external certificate authority to provide your keys or, for testing only, you can use the open source SSL Toolkit, provided with Encryption for Entire Net-Work, to become your own certificate authority.

For more information about the open source SSL Toolkit, read Using the SSL Toolkit.

To use an external organization to obtain your certificates, contact them for more information.

Step 2. Deploy the Certificates

Once you have created or obtained your certificates (Step 1), they must be deployed. When you obtain your certificates (regardless of whether you used an external certificate authority or the SSL Toolkit), you are supplied with the following files:

  1. A public key certificate for your company or installation.

  2. A private key for your company or installation.

  3. A public key certificate for the certificate authority itself.

  4. A password for decrypting the certificates (sometimes called a pem pass phrase).

These files must be deployed before they can be used. To deploy these files:

  1. Transport the certificates and key files to the systems where they are to be used. You can use the ftp utility to do this. You can also copy and rename certificates and key files as required.

  2. Make sure the location of the certificates and keys is clear on the systems where they are being used. If they are not in the current directory, identify their location using the appropriate SSL parameters and settings as described in Access and Connection Definition Setup.

Step 3. Create the Text File Used to Ensure Random Encryption (Optional)

Optionally, create a text file member that contains at least 14 random characters. The random characters in this file will be used by the encryption routines, thus ensuring that encryption itself occurs in a random manner.

Note:
A random file is not required in Windows environments, but it is required in some UNIX environments.

Make sure the location of the random file is clear on the systems where it is being used. If it is not in the current directory, identify its location using the appropriate RANDOM_FILE parameter as described in Access and Connection Definition Setup.
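One way to create and check the random file from Step 3 on a UNIX system, shown as an added example that is not part of the product documentation. The function names, the alphanumeric character set, the default length of 32 and the owner-only file mode are assumptions; the documentation itself only asks for at least 14 random characters.

```shell
#!/bin/sh
# Added example: helper names, alphabet and default length are assumptions.
MIN_CHARS=14   # minimum number of random characters stated in Step 3

# make_random_file PATH [LENGTH]: write LENGTH random alphanumerics to PATH.
make_random_file() {
    path=$1
    len=${2:-32}
    case $len in
        ''|0*|*[!0-9]*) echo "length must be a positive number" >&2; return 2 ;;
    esac
    if [ "$len" -lt "$MIN_CHARS" ]; then
        echo "need at least $MIN_CHARS characters" >&2
        return 2
    fi
    # Oversample the kernel CSPRNG and keep only plain text characters.
    chars=$(head -c $((len * 32)) /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    if [ "${#chars}" -lt "$len" ]; then
        echo "not enough random data" >&2
        return 1
    fi
    # umask 077 gives mode 0600; set -C (noclobber) refuses to overwrite
    # an existing file or to write through a symbolic link.
    ( umask 077; set -C; printf "%.${len}s\n" "$chars" > "$path" )
}

# check_random_file PATH: succeed only if PATH is a regular file with at
# least MIN_CHARS characters and no group/other access.
check_random_file() {
    path=$1
    [ -f "$path" ] && [ ! -L "$path" ] || {
        echo "$path: not a regular file" >&2; return 1; }
    n=$(( $(LC_ALL=C tr -d '\n' < "$path" | wc -c) ))
    [ "$n" -ge "$MIN_CHARS" ] || {
        echo "$path: only $n characters" >&2; return 1; }
    # The mode string must show no group/other bits, e.g. -rw-------
    case $(ls -ld -- "$path") in
        -???------*) return 0 ;;
        *) echo "$path: accessible by group or others" >&2; return 1 ;;
    esac
}
```

The path passed to `make_random_file` is the one to name in the RANDOM_FILE parameter when the file is not in the current directory.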

Step 4. Alter the Target Definitions

To use Encryption for Entire Net-Work, the existing target definitions for your Adabas databases (on mainframe and open systems) must be updated to support secured communications. Each definition must be altered so that the protocol type "SSL" is specified in the access or connection definition and appropriate security parameters are specified. For more information on maintaining your target entries and on the security parameters, read Access and Connection Definition Setup.