
Setting up Redirector with TLS or SSL

To set up Host On-Demand Redirector with TLS or SSL using a Self-Signed Certificate, do the following:

  1. Use Certificate Management to create a new CMS key database file, for example, HODServerKeyDb.kdb, by selecting Key Database File > New.
  2. Type a password for the key database file, and make sure you select Stash the password to a file?.
  3. Select Personal Certificates from the drop-down menu.
  4. Click New Self-Signed in the lower right corner of the Certificate Management window.
  5. Extract the certificate as a Base64 .arm file to the bin directory (for example, C:\Program Files\IBM\HostOnDemand\bin or /usr/local/hostondemand/bin).
  6. Select Key Database File > New. Create a PKCS12 file, for example CustomizedCAs.p12, and give it the default password hod. Save it to the publish directory. The default publish directory is the HOD directory (for example, C:\Program Files\IBM\HostOnDemand\HOD or /usr/local/hostondemand/hod).
    When creating CustomizedCAs.p12, you must use the default password hod. Do not change this password.
  7. Select Signer Certificates from the drop-down menu and add the .arm certificate file to the CustomizedCAs.p12 file in the publish directory. The default publish directory is the HOD directory (for example, C:\Program Files\IBM\HostOnDemand\HOD or /usr/local/hostondemand/hod). Label the certificate appropriately.
  8. Restart the Host On-Demand Service Manager.
  9. Modify or add a Redirector Service with client-side security.
  10. Modify or add a session to connect with the TLS or SSL-enabled Redirector Service.
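
A check to run after step 10, added here as an example and not part of the product documentation: it compares the SHA-256 fingerprint of the certificate in the extracted .arm file with the one the Redirector actually presents. It assumes the .arm file uses standard PEM BEGIN/END CERTIFICATE armor and that the Redirector port speaks TLS from the first byte; the function names, host, port and sample data are constructed for illustration.

```python
import base64
import hashlib
import re
import socket
import ssl

# Assumption: the .arm file uses standard PEM armor around the Base64 data.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def arm_fingerprints(arm_text):
    """Return the SHA-256 fingerprint of each certificate in a .arm file."""
    prints = []
    for body in PEM_RE.findall(arm_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no Base64 certificate block found")
    return prints

def presented_fingerprint(host, port, timeout=5.0):
    """Return the fingerprint of the certificate the listener presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off because the certificate is self-signed;
    # trust comes only from the exact fingerprint match in matches().
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()

def matches(arm_text, presented_hex):
    """True if the presented fingerprint is one of those in the .arm file."""
    return presented_hex.strip().lower() in arm_fingerprints(arm_text)

# Constructed sample: placeholder bytes in PEM armor, not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_ARM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    expected = hashlib.sha256(SAMPLE_DER).hexdigest()
    print("match:", matches(SAMPLE_ARM, expected))
    print("mismatch:", matches(SAMPLE_ARM, "00" * 32))
    # Against a live Redirector (hypothetical host, port and file name):
    # matches(open("redirector.arm").read(),
    #         presented_fingerprint("hod.example.com", 12173))
```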

Enabling TLS or SSL tracing in the Redirector code

To enable TLS or SSL tracing in the Redirector code, follow these steps on the system running Redirector:

  1. Stop the Service Manager if it is currently started.
  2. Set an environment variable:
    SVR_START_TRACE=Yes

    To set this variable:

    Note: The variable value is case sensitive.

  3. Start the Service Manager. Under the ..\hostondemand\private directory, look for the file named NativeSSLTrace.trc. This file has the trace data from the Redirector.
  4. To stop the trace, stop the Service Manager and set the value of the environment variable to No. Delete the NativeSSLTrace.trc file if necessary.

    Note: Each time the Service Manager is started, the trace file is newly created. All existing contents of the file are overwritten.

Related topics

  • Using the Host On-Demand Redirector
  • Configuring a Session to Connect to the Redirector
  • Adding a host to the Redirector
  • Redirector Troubleshooting Checklist