Installing Client SDK and SSL Certificates
To communicate encrypted with the database server, you need a current CSDK version on the client side, i.e. also on the scout, with the corresponding Global Security Toolkit. It is therefore necessary to install the appropriate CSDK on the scout.
The CSDK is always installed under /opt in a directory starting with informix_csdk. The INFORMIXDIR is always set to /opt/informix and is a symbolic link.
The installation is done by uploading the installation file (tar) via 'select CSDK-File' and then 'Upload'. The installation directory must then be specified before 'Install CSDK' is pressed. The specified name is always preceded by informix_csdk. The version number of the CSDK is useful here. For example, a path '4.50.FC5' becomes the directory 'informix_csdk4.50.FC5'.
If the CSDK is installed, a directory ssl for the KeyStore and pdo for the PDO driver are created in the CSDK directory in addition to the installation. After the installation, the PDO driver is rebuilt from the sources on the scout and stored in the pdo directory.
The file that specifies the path to the keystore for SSL connections (conssl.cfg) is stored in the CSDK directory under etc. The path points to /opt/informix/ssl.
To activate the new CSDK the symbolic link /opt/informix must be set to the new CSDK. After successful installation the new CSDK appears in the ComboBox before the 'set SymLink' button and can be selected. The button then places the symbolic link to the new directory. This is also shown in the right part of the mask.
If no KeyStore is available, the KeyStore must first be created. For this purpose, a password must be entered in both fields for the first time. Since the password is stored encrypted next to the KeyStore (stashed), it is no longer needed for later actions.
Once the KeyStore has been created, the certificate from the server must be inserted into the KeyStore. The certificate has to be extracted on the server. Use this command on the server:
gsk8capicmd_64 -cert -extract -db <Name des KeyStores auf dem Server> -format ascii -label <Labelname auf dem Server> -pw <Passwort des KeyStores auf dem Server> -target <Labelname auf dem Server>.cert
The label name on the server is the name you specified in the onconfig under SSL_KEYSTORE_LABEL. This is exactly the name you have to enter in the 'Certificate Label' field during our installation. The server requests the certificate for this label from the client. If no certificate is assigned to this label in the KeyStore, no encrypted connection can be established. If the certificate is selected and uploaded (it must end in .cert), it can be integrated into the KeyStore with 'Install Certificat'.
After that you can establish an encrypted connection to the server by selecting the protocol onsocssl. For this you have to use the corresponding data of the onsocssl connection of the server.
If a certificate is to be removed from the store, this can be done via the red cross behind the displayed certificate. The same applies to deleting a CSDK installation. However, the active one (which is indicated by the symbolic link /opt/informix) cannot be deleted.