SSL on VMS
CONNX supports SSL/TLS connections from the CONNX client to any CONNX server running on OpenVMS, including RMS, Rdb, and Codasyl DBMS.
CONNX provides SSL support on OpenVMS Itanium only.
In order to use CONNX with SSL on OpenVMS, the following requirements must be met.
1. The CNXCONNECTBACK setting on the Mainframe must be set to 0. This ensures that the initial encrypted socket connection is the only socket connection, so no second, unencrypted connection is opened.
2. The VMS Server must be Itanium-based.
3. An SSL Certificate and Key file are required.
Creating an SSL Certificate and Key File
Use openssl to create your certificate and key file.
CONNX ships with a 64-bit OpenSSL command line. It is located in the OpenSSL directory under the root of your 64-bit CONNX installation.
Open a command prompt and navigate to this directory. The following is an example of creating a self-signed key and certificate (the -nodes option leaves the private key unencrypted, which the listener requires because it cannot prompt for a passphrase):
openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -config openssl.cnf
In this example, key.pem is the private key file, and cert.pem is the certificate file. Both of these files are required when configuring the SSL Listener.
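The following script is an added example and is not part of the CONNX documentation. It wraps the openssl command shown above in a POSIX shell function and then performs the checks a practitioner wants before copying the files to OpenVMS: that the certificate was actually issued for the private key it will be paired with, and that the certificate is not about to expire. It assumes the openssl command line is on PATH; the subject name and the 2048-bit key size (the page uses 4096) are constructed choices for the example, and the file names key.pem and cert.pem are the ones the page uses.

```shell
#!/bin/sh
# Added example (not CONNX's own code): create the self-signed key/certificate
# pair described on the page, then verify the pair before transferring it.
# Assumes: openssl on PATH; key size 2048 for speed (the page uses 4096);
# the subject name is a constructed placeholder.
set -e

# make_pair KEYFILE CERTFILE DAYS : generate an unencrypted private key and a
# self-signed certificate, then restrict the key file to its owner.
make_pair() {
    openssl req -nodes -x509 -newkey rsa:2048 \
        -keyout "$1" -out "$2" -days "$3" \
        -subj "/CN=connx-listener.example.invalid" >/dev/null 2>&1
    chmod 600 "$1"   # the key is unencrypted (-nodes); only the owner may read it
}

# pair_matches KEYFILE CERTFILE : prints "match" when the certificate carries
# the public key that belongs to KEYFILE, "mismatch" otherwise. Comparing the
# SHA-256 of both public keys avoids depending on any particular PEM layout.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout -outform PEM 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null | openssl dgst -sha256)
    if [ -n "$k" ] && [ "$k" = "$c" ]; then
        echo match
    else
        echo mismatch
    fi
}

# cert_valid_for CERTFILE SECONDS : prints "valid" when the certificate will
# still be valid SECONDS from now, "expiring" otherwise (openssl -checkend).
cert_valid_for() {
    if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo expiring
    fi
}

# Stand-alone demonstration in a temporary directory (constructed run).
demo_dir=$(mktemp -d)
make_pair "$demo_dir/key.pem" "$demo_dir/cert.pem" 365
echo "key/cert pair: $(pair_matches "$demo_dir/key.pem" "$demo_dir/cert.pem")"
echo "valid for at least 30 days: $(cert_valid_for "$demo_dir/cert.pem" 2592000)"
rm -rf "$demo_dir"
```

Run the pair check again after the files have been transferred to OpenVMS (the OpenSSL command line is available there as well); a mismatched pair, or a key file that was truncated or text-converted in transit, is the usual reason the SSL listener refuses to start.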
Enabling SSL for CONNX Servers on OpenVMS
To enable CONNX SSL support on OpenVMS, the following logical must be present before the CONNX Listener starts:
$define /system CNXLISTENSSL 1
Transfer your SSL certificate and key to OpenVMS using FTP. Because the key file was created unencrypted, set its file protection on OpenVMS so that only the account that runs the listener can read it.
Define two logicals, SSLCERT and SSLKEY, that point CONNX to the certificate and key files:
$define /system SSLCERT dka0:[myuser]CERT.PEM
$define /system SSLKEY dka0:[myuser]KEY.PEM
These logicals must be defined at the system level. To start some listeners with SSL support and others without, do not define the CNXLISTENSSL logical at the system level; instead, start the SSL listener(s) with @cnxsvr startssl.
Once the logicals are in place, the CONNX Listener must be restarted.
On the client side, the CONNX data dictionary must be configured to use SSL to connect to the server.
On the import dialog for RMS, Rdb, and Codasyl DBMS, there is a "Use TLS/SSL" checkbox. Once SSL has been configured for the VMS listener, select this checkbox.
If you have an existing data dictionary and want to enable SSL for one or more databases in the CDD, the same "Use TLS/SSL" checkbox appears on the database panel for any database that supports SSL. Use this checkbox to enable or disable SSL for that database connection.
It is possible to configure some databases in the CDD to use SSL and others not to.