CSIv2 transport inbound settings

CSIv2 transport inbound settings

To specify which listener ports to open and which SSL settings to use. These specifications determine which transport a client or upstream server uses to communicate with this server for incoming requests.

Click...
Security | Global security

Under Authentication, click RMI/IIOP security > CSIv2 inbound transport.

Transport

Whether client processes connect to the server using one of its connected transports.
We can choose to use either SSL, TCP/IP or both as the inbound transport that a server supports. If we specify TCP/IP, the server only supports TCP/IP and cannot accept SSL connections. If we specify SSL-supported, this server can support either TCP/IP or SSL connections. If we specify SSL-required, then any server communicating with this one must use SSL.
If we specify SSL-supported or SSL-required, decide which set of SSL configuration settings you want to use for the inbound configuration. This decision determines which key file and trust file are used for inbound connections to this server.

TCP/IP

If we select TCP/IP, then the server opens a TCP/IP listener port only and all inbound requests do not have SSL protection.

SSL-required

If we select SSL-required, then the server opens an SSL listener port only and all inbound requests are received using SSL.
SAS is supported only between V6.0.x and previous version servers that have been federated in a V 6.1 cell.

SSL-supported

If we select SSL-supported, then the server opens both a TCP/IP and an SSL listener port and most inbound requests are received using SSL.

Provide a fixed port number for the following ports. A zero port number indicates that a dynamic assignment is made at runtime.
CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS
SAS_SSL_SERVERAUTH_LISTENER_ADDRESS

Default: SSL-Supported
Range: TCP/IP, SSL Required, SSL-Supported

SSL settings

List of predefined SSL settings to choose from for inbound connections.
These settings are configured at the SSL Repertoire panel. To access the SSL Repertoire panel...

Clicking Security > SSL certificate and key management.
Under settings, click Manage endpoint security configurations and trust zones.
Expand Inbound and click inbound_configuration.
Under Related items, click SSL configurations.

Data type: String
Default: DefaultSSLSettings
DefaultIIOPSSL
Range: Any SSL settings configured in the SSL Configuration Repertoire

Centrally managed

The selection of an SSL configuration is based upon the outbound topology view for the Java™ Naming and Directory Interface (JNDI) platform.
Centrally managed configurations support one location to maintain SSL configurations rather than spreading them across the configuration documents.

Default: Enabled

Use specific SSL alias

SSL configuration alias to use for LDAP outbound SSL communications.
This option overrides the centrally managed configuration for the JNDI platform.

z/OS SSL settings

List of predefined SSL settings for inbound connections. Set these settings on the SSL panel by clicking Secure communications on the admin console.

Related tasks

Set inbound transports

Default:	SSL-Supported
Range:	TCP/IP, SSL Required, SSL-Supported

Data type:	String
Default:	DefaultSSLSettings
DefaultIIOPSSL
Range:	Any SSL settings configured in the SSL Configuration Repertoire