Setting up Redirector with TLS or SSL
To set up Host On-Demand Redirector with TLS or SSL using a Self-Signed Certificate, do the following:
- Use Certificate Management to create a new CMS key database file, for example, HODServerKeyDb.kdb, by selecting Key Database File > New.
- Type a password for the key database file, and make sure you select Stash the password to a file?.
- Select Personal Certificates from the drop-down menu.
- Click New Self-Signed in the lower right corner of the Certificate Management window.
- Extract the certificate as a Base64 .arm file to the bin directory (for example, C:\Program Files\IBM\HostOnDemand\bin or /usr/local/hostondemand/bin).
- Select Key Database File > New. Create a PKCS12 file, for example CustomizedCAs.p12, and give it the default password hod. Save it to the publish directory. The default publish directory is the HOD directory (for example, C:\Program Files\IBM\HostOnDemand\HOD or /usr/local/hostondemand/hod).
  Note: When creating CustomizedCAs.p12, you must use the default password hod. Do not change this password.
- Select Signer Certificates from the drop-down menu and add the .arm certificate file to the CustomizedCAs.p12 file in the publish directory. The default publish directory is the HOD directory (for example, C:\Program Files\IBM\HostOnDemand\HOD or /usr/local/hostondemand/hod). Label the certificate appropriately.
- Restart the Host On-Demand Service Manager.
- Modify or add a Redirector Service with client-side security.
- Modify or add a session to connect with the TLS or SSL-enabled Redirector Service.
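As a check after the certificate steps above, this added example (not part of the original documentation) compares the SHA-256 fingerprint of the extracted .arm file with the signer certificates stored in CustomizedCAs.p12. It assumes the OpenSSL command-line tool is installed; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that the certificate extracted to the .arm file is
# present as a signer in CustomizedCAs.p12. Function names are hypothetical.
# Assumes the openssl command-line tool is on PATH. On OpenSSL 3.x a store
# written with older PKCS#12 algorithms may need "-legacy" added to the
# pkcs12 command.

# Print the SHA-256 fingerprint of one Base64 (PEM) certificate file.
arm_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print one SHA-256 fingerprint per certificate held in a PKCS12 file.
# $1 = PKCS12 file, $2 = its password.
p12_fingerprints() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    awk -v cmd='openssl x509 -noout -fingerprint -sha256' '
        /-----BEGIN CERTIFICATE-----/ { pem = ""; inside = 1 }
        inside                        { pem = pem $0 "\n" }
        /-----END CERTIFICATE-----/   { printf "%s", pem | cmd; close(cmd); inside = 0 }
    ' | cut -d= -f2
}

# Return 0 if the .arm certificate is in the store, 1 if it is not,
# 2 if the .arm file cannot be parsed. The password defaults to "hod",
# the value the procedure requires for CustomizedCAs.p12.
check_signer() {
    arm=$1; p12=$2; pass=${3:-hod}
    want=$(arm_fingerprint "$arm")
    if [ -z "$want" ]; then
        echo "ERROR: $arm is not a readable Base64 certificate" >&2
        return 2
    fi
    if p12_fingerprints "$p12" "$pass" | grep -qxF "$want"; then
        echo "OK: $want is a signer certificate in $p12"
    else
        echo "MISSING: $want was not found in $p12" >&2
        return 1
    fi
}

# Usage: sh check_signer.sh <certificate.arm> <CustomizedCAs.p12> [password]
if [ "$#" -ge 2 ]; then
    check_signer "$@"
fi
```

A MISSING result means clients that load this CustomizedCAs.p12 will not trust the Redirector's self-signed certificate; repeat the Signer Certificates step against the file in the publish directory.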
Enabling TLS or SSL tracing in the Redirector code
To enable TLS or SSL tracing in the Redirector code, follow these steps on the system running Redirector:
- Stop the Service Manager if it is currently started.
- Set an environment variable:
  SVR_START_TRACE=Yes
  To set this variable:
  - For Windows NT, Windows 2000, and Windows XP, use the GUI.
  - For Windows 98, use the set command on a command line.
  - For AIX, use the export command.
  - For Linux, export the variable according to the shell being used.
  Note: The variable value is case sensitive.
- Start the Service Manager. Under the ..\hostondemand\private directory, look for the file named NativeSSLTrace.trc. This file has the trace data from the Redirector.
- To stop the trace, stop the Service Manager and set the value of the environment variable to No. Delete the NativeSSLTrace.trc file if necessary.
  Note: Each time the Service Manager is started, the trace file is newly created. All existing contents of the file are overwritten.