KB Article #179157

TLS implementation between Integrator and Gateway

To configure TLS between Integrator and Gateway, follow the steps below.


A. Check the cstcp configuration of the Gateway with the command:
peluconf standalone get -s cstcp

[cstcp]active='1'
[cstcp]auto_control='2'
[cstcp]HostName=''
[cstcp]Port='18770'
[cstcp]TlsActive='0'
[cstcp]TlsCipherSuite='TLS_RSA_ANON_WITH_AES_128_CBC_SHA'
[cstcp]Trace='4'
[cstcp]ServerMax='10'
[cstcp]cstcp_command='ipelapid.sock -tpt CSTCP'
[cstcp]cstcp_context_file='$p_database/cstcpctx.dat'
[cstcp]TlsServerCertificateFile=''
[cstcp]TlsPasswordDkFile=''
[cstcp]TlsPasswordEncFile=''

TlsActive='0' shows that TLS is not enabled on the Gateway server.

Similarly, check the $CORE_LOCAL/bin/csconfig.ini file (TlsActive entry) to verify whether TLS is enabled or disabled in Integrator.


B. Execute the command below to generate the Gateway's files for the certificate's password:
pelencpass encrypt_pass -encis axway -encpwd 'Certificate_Password' -saltf /Gateway_V6.17/run_time/tls/salt_key_file -dkf /Gateway_V6.17/run_time/tls/derived_key_file -encf /Gateway_V6.17/run_time/tls/encrypted_data_file


C. Update the Gateway's CSTCP configuration with the commands below:

  1. peluconf standalone set -s cstcp TlsServerCertificateFile /Gateway_V6.17/run_time/tls/Axway_SPHERE_GTW_Navigator.p12
  2. peluconf standalone set -s cstcp TlsPasswordDkFile /Gateway_V6.17/run_time/tls/derived_key_file
  3. peluconf standalone set -s cstcp TlsPasswordEncFile /Gateway_V6.17/run_time/tls/encrypted_data_file
  4. peluconf standalone set -s cstcp TlsCipherSuite TLS_RSA_WITH_AES_128_CBC_SHA
  5. peluconf standalone set -s cstcp TlsActive 1
  6. peluconf standalone set -s cstcp Trace 4

The new CSTCP configuration is:
[cstcp]active='1'
[cstcp]auto_control='2'
[cstcp]HostName=''
[cstcp]Port='18770'
[cstcp]TlsActive='1'
[cstcp]TlsCipherSuite='TLS_RSA_WITH_AES_128_CBC_SHA'
[cstcp]Trace='0'
[cstcp]ServerMax='10'
[cstcp]cstcp_command='ipelapid.sock -tpt CSTCP'
[cstcp]cstcp_context_file='$p_database/cstcpctx.dat'
[cstcp]TlsServerCertificateFile='/home/bnpmcs/apps/xip1/gtw/Gateway_V6.17/run_time/tls/Axway_SPHERE_GTW_Navigator.p12'
[cstcp]TlsPasswordDkFile='/home/bnpmcs/apps/xip1/gtw/Gateway_V6.17/run_time/tls/derived_key_file'
[cstcp]TlsPasswordEncFile='/home/bnpmcs/apps/xip1/gtw/Gateway_V6.17/run_time/tls/encrypted_data_file'


D. Run the commands below to make the changes effective:

  1. peluconf standalone rebuild
  2. Restart Gateway


E. Add the entries below to Integrator/local/bin/csconfig.ini:
TlsActive = 1
TlsCipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA
TlsTrustedCertificate = /Gateway_V6.17/run_time/tls/SPHERE_ROOT_Certificate.pem

The csconfig.ini file will now look like this:
Integrator/local/bin > cat csconfig.ini
[LOGIN]
[International]
Language = english
[CSTCP]
Transport = TCP
Hostname = rs63
Port = 18770
TlsUsed = 0
SendTimeout = 120
RecvTimeout = 0
CloseTimeout = 0
IdleTimeout = 0
TlsActive = 1
TlsCipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA
TlsTrustedCertificate = /Gateway_V6.17/run_time/tls/SPHERE_ROOT_Certificate.pem

Restart Integrator


Integrator and Gateway will now communicate securely using TLS.
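
The following is an added example, not part of the original article or of the product: a shell check that compares the Gateway and Integrator TLS settings from steps C to E, so a mismatch is caught before the restarts. It assumes the Gateway settings were saved to a file from "peluconf standalone get -s cstcp"; the function names, file names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: cross-check Gateway and Integrator TLS settings (steps C-E).
# Formats are the ones shown in this article:
#   Gateway:    [cstcp]Key='value'  (saved output of: peluconf standalone get -s cstcp)
#   Integrator: "Key = value" lines under [CSTCP] in csconfig.ini

# gw_get FILE KEY -> value of [cstcp]KEY
gw_get() { sed -n "s/^\[cstcp\]$2='\(.*\)'\$/\1/p" "$1" | tail -n 1; }

# ini_get FILE KEY -> value of KEY in the [CSTCP] section (last entry wins)
ini_get() {
    awk -v key="$2" '
        /^\[/ { in_sec = ($0 == "[CSTCP]"); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_tls GW_FILE INI_FILE -> prints each problem, returns the number found
check_tls() {
    problems=0
    [ "$(gw_get "$1" TlsActive)" = 1 ] || fail "Gateway TlsActive is not 1"
    [ "$(ini_get "$2" TlsActive)" = 1 ] || fail "Integrator TlsActive is not 1"
    [ "$(gw_get "$1" TlsCipherSuite)" = "$(ini_get "$2" TlsCipherSuite)" ] ||
        fail "TlsCipherSuite differs between Gateway and Integrator"
    [ "$(gw_get "$1" Port)" = "$(ini_get "$2" Port)" ] || fail "Port differs"
    for k in TlsServerCertificateFile TlsPasswordDkFile TlsPasswordEncFile; do
        [ -n "$(gw_get "$1" "$k")" ] || fail "Gateway $k is empty"
    done
    [ -n "$(ini_get "$2" TlsTrustedCertificate)" ] || fail "Integrator TlsTrustedCertificate is empty"
    return "$problems"
}

# Constructed sample input modelled on the listings above (paths are placeholders).
d=$(mktemp -d)
printf "[cstcp]%s\n" "Port='18770'" "TlsActive='1'" \
    "TlsCipherSuite='TLS_RSA_WITH_AES_128_CBC_SHA'" "TlsServerCertificateFile='/tls/gw.p12'" \
    "TlsPasswordDkFile='/tls/derived_key_file'" "TlsPasswordEncFile='/tls/encrypted_data_file'" > "$d/gw.txt"
printf '%s\n' '[CSTCP]' 'Port = 18770' 'TlsActive = 1' \
    'TlsCipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA' 'TlsTrustedCertificate = /tls/root.pem' > "$d/cs.ini"
check_tls "$d/gw.txt" "$d/cs.ini" && echo "TLS settings are consistent"
```

The return value of check_tls is the number of problems found, so a non-zero exit status can gate the restart in steps D and E.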