Configuring Secure Connections in the Windows Environment

To configure secure connections in the Windows environment, do the following:

  1. From your home directory, navigate to the \.MCPSQL directory.

  2. Modify the provider.properties file to specify which port uses the secure (SSL/TLS) implementation of MCPConnection.

    For example,

    port2013=MCPConnectSSL

    If a port is not specified to use secure connections, it defaults to the standard TCP/IP implementation of MCPConnection.

    The following example provides a sample provider.properties file:

    #socket Implementation selection (case sensitive, default = MCPConnection)
    #<HOST>port<port#>=<Implementation Identifier>
    ##  <HOST> specifies the host name. optional but if used must be uppercase.
    ##  MCPConnection = Standard port
    ##  MCPConnectSSL = SSL/TLS port
    ##  Example: For port 2013 on MYHOST:  MYHOSTport2013=MCPConnectSSL
    ##           For port 2013 on any host:  port2013=MCPConnectSSL
    port2013=MCPConnectSSL
    #implementation of MCPConnection (case sensitive)
    MCPConnection=com.unisys.mcpsql.provider.mcpconnection.socketimpl.MCPSocket
    MCPConnectSSL=com.unisys.mcpsql.provider.mcpconnection.socketimpl.MCPSSLSocket

  3. Retrieve a certificate from a Certificate Authority for the Query Processor server.

    For more information about retrieving a certificate, refer to the MCP Security Overview and Implementation Guide.

  4. Verify that you have a jssecacerts trust store installed in your Java security directory.

    If a jssecacerts truststore is not installed, do the following:

    1. Navigate to the following directory: %JAVA_HOME%\lib\security.

    2. Use the Java KeyTool utility to create a jssecacerts file.

      keytool -import -alias <myalias> -file <server public certificate> -keystore "jssecacerts" -storepass <changeit>

      where

      • <myalias> is the name given to the certificate when importing to the Java truststore.

      • <server public certificate> is the root certificate you want to import into the truststore.

      • <changeit> is the password of the truststore.

  5. From a command prompt or PowerShell session, install the certificate you obtained in step 2 into the jssecacerts trust store using the following command:

    keytool -import -alias <myalias> -file "<certificate location>" -keystore "%JAVA_HOME%\lib\security\jssecacerts" -storepass <changeit>

    where

    • <myalias> is the name given to the certificate when importing to the Java truststore.

    • <certificate location> is the location of the certificate you want to import.

    • <changeit> is the password of the truststore.
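
A read-only PowerShell check of the finished configuration, added here as an example and not taken from the product documentation. It assumes the home directory is %USERPROFILE%, that JAVA_HOME is set and keytool is on the PATH, and it uses a hypothetical certificate path and a placeholder alias.

```powershell
# Added example: read-only checks. The certificate path and alias are
# placeholders; the home directory is assumed to be %USERPROFILE%.
param(
    [string]$PropsPath  = (Join-Path $env:USERPROFILE '.MCPSQL\provider.properties'),
    [string]$TrustStore = (Join-Path $env:JAVA_HOME 'lib\security\jssecacerts'),
    [string]$CertFile   = 'C:\certs\qp-server-root.cer',  # hypothetical path
    [string]$Alias      = 'myalias'                       # placeholder alias
)

# 1. List every port entry and the implementation it selects. Keys and values
#    are case sensitive, so use -cmatch / -ceq. Ports with no entry fall back
#    to MCPConnection (standard TCP/IP).
$entries = foreach ($line in Get-Content -LiteralPath $PropsPath) {
    if ($line -cmatch '^\s*([A-Z0-9.-]*)port(\d+)\s*=\s*(\S+)\s*$') {
        [pscustomobject]@{
            HostName = if ($Matches[1]) { $Matches[1] } else { '(any host)' }
            Port     = [int]$Matches[2]
            Impl     = $Matches[3]
            Secure   = $Matches[3] -ceq 'MCPConnectSSL'
        }
    }
}
$entries | Format-Table -AutoSize
foreach ($e in $entries | Where-Object { -not $_.Secure }) {
    Write-Warning "Port $($e.Port) on $($e.HostName) selects $($e.Impl), not MCPConnectSSL"
}

# 2. The truststore must exist, and only administrators should be able to
#    write to it: anyone who can modify it can add a trusted root.
if (-not (Test-Path -LiteralPath $TrustStore)) {
    Write-Warning "No jssecacerts at $TrustStore (see step 4)"
    return
}
(Get-Acl -LiteralPath $TrustStore).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# 3. Print the certificate's fingerprints so they can be compared with the
#    values published by the issuing CA before the certificate is trusted.
& keytool -printcert -file $CertFile

# 4. Confirm the alias is in the truststore. -storepass is omitted so keytool
#    prompts for the password instead of taking it from the command line.
& keytool -list -v -keystore $TrustStore -alias $Alias
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Alias '$Alias' was not found in $TrustStore"
}
```

PowerShell does not expand %JAVA_HOME%, so the script builds the same path from $env:JAVA_HOME.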