Co-authored by Ankit Modi
We are in a world where security plays a vital role. Customers are keen to ensure that the security of their applications is properly implemented. They set mandates for any kind of connectivity, and one such mechanism is to strengthen security by enabling TLS. Connect:Direct File Agent connects to the Connect:Direct Server on its API port to watch and trigger processes. The current File Agent user interface offers API connection configuration; however, it does not support a secure connection to the Connect:Direct Server or a certificate-based authentication mechanism. In this blog, we will see how to configure the File Agent to enable a secure API connection and certificate-based authentication using the suggested workaround method. Please be aware that by API, I mean that File Agent connects to the Java API of CD and not the CD web service.
For this blog, I have deployed Connect:Direct V18.104.22.168 and File Agent V22.214.171.124 on the Windows platform. Below are the high-level steps that we need to perform:
- User Account Configuration in File Agent
- Create a Keystore for File Agent
- Create a Trust Store for File Agent
- Update Secure+ Configuration
- User Account Configuration in Connect:Direct
- Launch the File Agent
User Account Configuration in File Agent
To enable certificate-based authentication, we first need to create an External Login File for the File Agent. To create the external login file, we will use the Java Connection Utility (JCU) and the Connect Direct Java Application Interface (CDJAI) jar file.
- Open Command Prompt in Administrator mode
- Navigate to your File Agent Installation Path – “\IBM\FileAgent\”
- Use the java executable that resides in your File Agent jre directory to execute the command below:
\jre\bin\java.exe -classpath CDJAI.jar com.sterlingcommerce.cd.sdk.JCU -fcddef.jcu
CDJAI.jar → Connect Direct Java Application Interface jar
-f → Denotes a file name parameter
cddef.jcu → External Login File
- Once you execute the above command, you will be prompted to enter the following information about your Connect Direct Server:
Node Name → CD Node Name
IP Address → IP Address of the machine where your CD is installed
User Id → We are enabling certificate-based authentication, so this user id has no significance: the common name used in the certificate will be treated as the actual username for the connection with the server, which we will set up in upcoming steps. However, User Id is a mandatory parameter, so a dummy user id value can be provided here.
Password → As we are enabling certificate-based authentication, a dummy password value can be provided here.
Protocol → Enter the TLS version; we will be using TLS12.
Since JCU doesn’t support entering an empty password, we had to enter a value for it in the previous step. However, an empty password is required to trigger certificate-based authentication on the Connect:Direct server. So, as a workaround, navigate to your File Agent installation path, open the cddef.jcu file in a text editor, and remove all characters after "2=" from the line starting with User.
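The manual edit in the last step can be scripted and checked. The PowerShell below is an added example, not part of the original post or of IBM's tooling; the function name Clear-JcuPassword is hypothetical, and it assumes cddef.jcu is plain ASCII text in which the first "2=" on the line starting with User begins the password value, as the step above describes.

```powershell
# Added example; not IBM tooling. Assumes cddef.jcu is plain ASCII text and that
# the first "2=" on a line starting with "User" begins the password value.
function Clear-JcuPassword {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,  # path to cddef.jcu
        [switch] $CheckOnly                             # report only, change nothing
    )
    $full  = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).Path
    $lines = [System.IO.File]::ReadAllLines($full)
    $found = $false
    $dirty = $false
    for ($i = 0; $i -lt $lines.Length; $i++) {
        if (-not $lines[$i].StartsWith('User')) { continue }
        $pos = $lines[$i].IndexOf('2=')
        if ($pos -lt 0) { continue }
        $found = $true
        $tailLength = $lines[$i].Length - ($pos + 2)
        if ($tailLength -eq 0) {
            Write-Output "line $($i + 1): password field already empty"
            continue
        }
        # Report only the length, never the stored value itself.
        Write-Output "line $($i + 1): $tailLength character(s) follow '2='"
        if (-not $CheckOnly) {
            $lines[$i] = $lines[$i].Substring(0, $pos + 2)
            $dirty = $true
        }
    }
    if (-not $found) {
        throw "No line starting with 'User' and containing '2=' in $full"
    }
    if ($dirty) {
        # Keep the file exactly as JCU generated it before rewriting.
        Copy-Item -LiteralPath $full -Destination "$full.bak"
        [System.IO.File]::WriteAllLines($full, $lines)
        Write-Output "password field cleared; original saved as $full.bak"
    }
}

# Run from the File Agent installation directory, where JCU wrote the file.
Clear-JcuPassword -Path .\cddef.jcu
```

Running it again with `-CheckOnly` confirms that the password field is empty without modifying the file.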