
Configure Secure Sockets Layer

Data that travels across a network can be intercepted by third parties. When this data includes private information such as passwords or credit card numbers, steps must be taken to make this data unintelligible to unauthorized users. Using Secure Sockets Layer (SSL), you protect the integrity of information passed between the mail server and the adapter.

To enable SSL, the following prerequisites must be satisfied:

E-mails passing through the mail server are vulnerable to third-party interference when SSL is not configured for use with the adapter. Using SSL prevents data from being modified, either intentionally or unintentionally, during transport and protects data from being intercepted. It is effective because it uses several cryptographic processes, such as public key cryptography for authentication with the mail server, and secret key cryptography and digital signatures for privacy and data integrity. SSL allows the adapter to authenticate the identity of the mail server and, when necessary, allows the mail server to authenticate the identity of the mail client.


Procedure

  1. Set the email client truststore.
    A truststore helps an email client decide what it can trust. When SSL is configured, IBM BPM or WebSphere Enterprise Service Bus sends its certificate to the email client for verification. The email client verifies the certificate to ascertain that it is communicating with the intended mail server. To enable this verification process, the certificate of the mail server must be present in the client's truststore. Use the following steps to set up the email client truststore.

    1. In IBM Integration Designer, right-click the server and click Run Process Administrative Console.
    2. Expand Security.

    3. Select SSL certificate and key management.
    4. Under Related items, select Key stores and certificates.

    5. Select NodeDefaultTrustStore.

      Figure 1. Selecting NodeDefaultTrustStore

    6. Under Additional properties, select Signer certificates.

    7. Click Add.

    8. In the Alias field, type the certificate name.

      Figure 2. Adding signer certificate properties for the mail server certificate

    9. In the File name field, type the full path of the mail server certificate.

    10. Click OK.

  2. Configure SSL properties for the adapter.

    1. In the external service wizard, set enableSSL to True. By default, enableSSL is set to False.

    2. When using SSL for inbound communication, set the port number to 993 if you are using the IMAP email protocol and 995 if you are using the POP3 email protocol. For outbound communication using the SMTP email protocol, set the port number to 465.
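A pre-flight check for the procedure above, written for this page as an added example (it is not IBM code): it performs an SSL handshake on the port from step 2 while trusting only the certificate file that step 1 imports as a signer certificate. The names `build_context` and `check_mail_tls` are made up for this example, and the certificate file is assumed to be PEM (Base64) encoded.

```python
import socket
import ssl

# Implicit-SSL ports from step 2 of the procedure.
SSL_PORTS = {"imap": 993, "pop3": 995, "smtp": 465}


def build_context(cert_file=None):
    """Client context that trusts only cert_file (assumed PEM/Base64).

    With cert_file=None the system CA bundle is used instead.
    """
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cert_file:
        ctx.load_verify_locations(cafile=cert_file)
    else:
        ctx.load_default_certs()
    return ctx


def check_mail_tls(host, protocol, cert_file=None, port=None, timeout=5.0):
    """Handshake with the mail server; return (ok, detail) without raising."""
    port = port or SSL_PORTS[protocol.lower()]
    ctx = build_context(cert_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, "%s, certificate valid until %s" % (
                    tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # The file given to the truststore does not validate this server,
        # or the certificate does not match the host name.
        return False, "certificate not trusted: %s" % exc.verify_message
    except ssl.SSLError as exc:
        # Typical when the port speaks plaintext or STARTTLS, not implicit SSL.
        return False, "SSL handshake failed: %s" % exc
    except OSError as exc:
        return False, "connection failed: %s" % exc
```

Call it as `check_mail_tls("mail.example.com", "imap", "/path/to/mailserver.pem")`, where the host and path are placeholders. A `certificate not trusted` result means the file named in the File name field would not let the adapter verify that server.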
