|Product:||SSL Solutions (SSL Server), DBConnectivity products for IBM Db2 for i (HiT ODBC/400, HiT OLEDB/400)|
|Summary:||How to install and run HiT SSL Server on IBM i for use with HiT ODBC and OLE DB products|
To install HiT SSL Server on the IBM i (AS/400), you first need to obtain the package via the corporate web site. you can then extract the files, configure the serverand copy the relevant files to the IBM i. For additional detail on the setup process, please refer to the HiT SSL Server Guide included in the downloaded files.
In a Microsoft Windows Environment:
- Unbundle the downloaded zip file using a tool such as WinZip, pkunzip or jar. We recommend that you create a separate directory to unzip the file in. For example:
c:\hitsslsrv> jar xvf hitsslsrv_v210.zip
c:\hitsslsrv> pkunzip -d hitsslsrv_v210.zip
NOTE: If you are using a tool that doesn't preserve path names by default, be sure to specify the option that preserves path names. For example, specify -d for pkunzip.
The downloaded zip file contains three directories:
containing the hitsslsrv.jar, hitsecurity_win.jar and hitsecurity_unix.jar files which contain the class files for the HiT SSL Server server application. There are also default certificate files that can be used for testing.
containing ssltoolbox.jar which contains the class files for HiT SSL Toolbox utilities.
- Place your license key file, hitlicense.jar, in the same directory as hitsslsrv.jar because these two jar files will need to be in the classpath when the server application is run.
You should receive your license key for HiT SSL Server via email. You will need a license key to run HiT SSL Server server application. If do not receive a license key, send an email to HiT Software at firstname.lastname@example.org or call (408) 345 4001. The license key is included in a jar file called hitlicense.jar and attached to the email. We recommend that you place the hitlicense.jar file in the same directory where hitsslsrv.jar is in because these two jar files will need to be in the classpath when the server application is run.
- Configure the connection settings for HiT SSL Server. You will need to know the connection information as used in your IBM i environment.
HiT SSL Server’s connection settings are stored as properties in a text file. The SSL Server uses the default file hitssl.properties when it starts. The connection settings are stored like arrays of properties where a set of properties with the same index represents the settings for a connection to a database or server. Refer to the HiT SSL Server Guide in the doc directory for complete details on the connection properties.
- (Optional) Create a shell script to run HiT SSL Server from QShell in the IBM i environment. For example, a start_sslsrv.sh file can contain the following information to start the server.
java -classpath .:/hitsc/hitsslsrv.jar:/hitsc/hitsecurity_unix.jar:/hitsc/hitlicense.jar hit.sslsrv.Sslsrv -admin:port=9000 -inactive:1 hitssl.properties
In the IBM i environment:
HiT SSL Server is a Java tool and must be run from a Java command. JRE or JDK 1.5 or higher is recommended to run the application. IBM i (AS/400) provides two options for running Java programs:
- A unix-like shell named QSHELL http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frzahz%2Fcommands.htm
This option is appropriate for testing.
- The JAVA CL command. This option is appropriate for production environments.
- From an IBM i command prompt, type STRQSH to start QSHELL.
- Check to see that Java is installed by typing: java –version
- To install HiT SSL Server, create a new folder on the IBM i using the mkdir command:
- To load the HiT SSL Server files from the PC to the IBM i, use ftp from a Windows command prompt on your PC.
On the PC, first change directory to the directory where you have set up the .jar files, the .properties file and the .sh file.
- Connect to the IBM i system:
- Enter the user name and password.
- Set the file type to binary:
quote type I
quote site namefmt 1
- Change directory to the directory you created for the SSL server files:
- Transfer the files from the PC using the put (single file) or mput (multiple files) command. Be sure to load all the files in the sslserver directory, including the properties file and the shell script.
- Close the ftp session.
- On the IBM i system, run HiT SSL Server either using the shell script you created above or directly from the QShell command line:
HiT SSL Server application usage: java hit.sslsrv.Sslsrv [-options] [property-file] where options are:
-help Prints out the options listed here.
-stat Includes statistics in output.
-admin:port=<port-number> Specifies the admin port number (see Chapter 6 of the HiT SSL Server Guide.)
-version Prints out the build version.
-more Outputs more information (useful in case there are connection issues.)
-timeout:[seconds] Sets the connection timeout value specified. The default connection timeout value is 45 seconds.
-inactive:[minutes] Sets an inactive limit after which the connection is closed. The default value is 480 minutes.
property-file is the name of the configuration file. This can be used to tell the SSL Server to use the specified file as the configuration file. By default if a configuration file is not specified, SSL Server uses the file hitssl.properties.
Useful QSHELL commands:
- ls –la (directory listing)
- cd (change directory)
- rm (remove file/directory)
- cat (display file content)
In production, it is recommended to start the server using CL, so the server becomes a job. Here is a sample CL script.
Columns . . . : 1 71 Editing CONSUMITAP/QCLSRC
FMT ** ...+... 1 ...+... 2 ...+... 3 ...+... 4 ...+... 5 ...+... 6 ...+... 7
015.00 /* STARTING REMOTE SECURITY */
016.00 CHGJOB PURGE(*NO)
017.00 MONMSG MSGID(CPF0000)
018.00 OVRPRTF FILE(QPRINT) PAGESIZE(*N 300) MAXRCDS(*NOMAX)
019.00 MONMSG MSGID(CPF0000)
020.00 ADDENVVAR ENVVAR(CLASSPATH) +
021.00 VALUE('.:/hitsc/ hitsslsrv.jar:+
024.00 MONMSG MSGID(CPF0000)
025.00 CD DIR('/hitsc)
026.00 MONMSG MSGID(CPF0000)
027.00 JAVA CLASS('hit.sslsrv.Sslsrv') +
028.00 PARM('-admin:port=9000' '-inactive:1' 'hitssl.properties')
029.00 MONMSG MSGID(CPF0000)
Note: Make sure the Java CLASSPATH includes these three jar files: hitsslsrv.jar hitsecurity_unix.jar hitlicense.jar
To add the option -stat, modify the CL using the example below.
027.00 JAVA CLASS('hit.sslsrv.Sslsrv') +
028.00 PARM('-admin:port=9000' '-stat' 'hitssl.properties')