CONNX Data Integration Suite 14.8.0
 
SSL on UNIX-Based CONNX Servers
CONNX supports SSL/TLS connections from the CONNX client to the 32-bit and 64-bit CONNX Data Servers running on all flavors of UNIX.
In order to use CONNX with SSL when connecting to UNIX, the following requirements must be met.
1. The UNIX-based CONNX Data Server must be configured to listen with SSL.
2. An SSL certificate and key file are required.
Creating an SSL Certificate and Key File
Use openssl to create your certificate and key file.
CONNX ships with a 64-bit OpenSSL command-line tool. It is located in the OpenSSL directory under the root of your 64-bit CONNX installation.
Open a command prompt and navigate to this directory. The following is an example of creating a self-signed key and certificate:
openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -config openssl.cnf
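In this example, key.pem is the private key file, and cert.pem is the certificate file. Both of these files are required when configuring the SSL Listener. The -nodes option writes key.pem without a passphrase, so the file's permissions are the only thing protecting the private key.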
Enabling SSL for the UNIX-Based CONNX Data Server
To enable CONNX SSL for UNIX, set CNXLISTENSSL to 1.
Transfer your SSL Certificate and key to the UNIX system.
Define two configuration settings, SSLCERT and SSLKEY, that point CONNX to the certificate and key files.
# ENVIRONMENT VARS
#
# CNXDIR = Location of this shell script + the CONNX binaries
# CNXRUNPORT = Default port (default=6500)
# CNXCONNECTBACK = Enables / Disables TCP/IP socket sharing
# DEBUG = 1 ON | 0 OFF
CNXDIR=/home/cnxuser/connx
CNXRUNPORT=6500
CNXCONNECTBACK=0
DEBUG=1
CNXLISTENSSL=1
SSLCERT=/home/cnxuser/server.crt
SSLKEY=/home/cnxuser/server.key
export CNXDIR CNXRUNPORT CNXCONNECTBACK DEBUG CNXLISTENSSL SSLCERT SSLKEY
########################################################################################
# DO NOT EDIT THE FOLLOWING SECTION
Once these setting changes are made, restart the UNIX-based CONNX Data Server.
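A check worth running on the UNIX host before that restart, shown here as an added example that is not part of the CONNX distribution: it confirms that the files named by SSLCERT and SSLKEY are readable, that the unencrypted key is not accessible to group or other, that the certificate and key belong together, and that the certificate has not expired. The function name check_connx_tls is hypothetical, and the script assumes an openssl binary is on the PATH.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files named by SSLCERT and SSLKEY.
# check_connx_tls is a hypothetical helper name, not a CONNX command.

check_connx_tls() {
    cert=$1 key=$2 rc=0

    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # The key was created with -nodes (no passphrase), so group and other
    # must have no access at all. Columns 5-10 of ls -l are their mode bits.
    perms=$(ls -lnL "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other (use chmod 600)"; rc=1; }

    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key do not match or cannot be parsed"; rc=1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert has expired"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are usable"
    return "$rc"
}

# Runs only when the two settings from the server configuration are present.
if [ -n "${SSLCERT:-}" ] && [ -n "${SSLKEY:-}" ]; then
    check_connx_tls "$SSLCERT" "$SSLKEY"
fi
```
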
On the client side, the CONNX data dictionary must be configured to use SSL to connect to the server.
If you have an existing data dictionary and you want to enable SSL for one or more databases in the CDD, there is a Use TLS/SSL checkbox on the database panel for any database that supports SSL. Use this checkbox to enable or disable SSL for the specified database connection.
It is possible to configure some databases in the CDD to use SSL and others to connect without SSL.