I would like to set up SSL encryption between the User's browser to CA Output Management Web Viewer 11.5, and from the Web Server to Microsoft SQL and to the Mainframe.

Document ID : KB000024022
Last Modified Date : 07/02/2019
Show Technical Document Details
Introduction:

I would like to set up SSL encryption between the User's browser to CA Output Management Web Viewer 11.5, and from the Web Server to Microsoft SQL and to the Mainframe.

 

 

Background:

How to set up CCIPCSSL and CCISSL.  Web Viewer does not support HTTPS for the browser.
The only part that can be encrypted using SSL is the Mainframe to Server connection using CCIPCSSL and CCISSL. Web Viewer 11.5 does not currently support that for the connection between your Web Server, MS SQL Server and the User's Browser.

Instructions:

SSL Encryption between the Web Viewer Server and the Mainframe

You may already have SSL encryption installed between the Web Viewer Server and the mainframe if you are running CCIPCSSL on the server and the mainframe is running CCISSL instead of CCITCP.

Installing CCIPCSSL

If you do not have the SSL version of CCI installed on the Web Viewer Server, please refer to QI91436 CCI INSTALL AND UNINSTALL PROCEDURES for complete instructions on how to upgrade.

Configuring CCIPCSSL

If you do not have the SSL version of CCI installed on the Web Viewer Server, please refer to QI91436 CCI INSTALL AND UNINSTALL PROCEDURES for complete instructions on how to upgrade.

SSL encryption is disabled by default. To configure CCIPCSSL to enable encryption,

  • Open CAICCI-PC properties: Start->Programs->CA->CAICCI-PC with SSL->CAICCI-SSL Configuration
     
  • On the SSL Tab, Select 'Force Secure End to End connection'
     
  • The current version of CCIPCSSL requires the location of your CA certificate, so you need to provide the path. This information is available from your company's security administrator. (see NOTE below)
     
  • Select APPLY, OK

    Figure 1

NOTE: Mainframe-only authentication does not require a client certificate on the PC side. However, if you leave that field blank for CCISSL-PC, it will force a value in the field.

  • On the TCPIP Tab, enter 1204 for the Port: This is the default port for CCI SSL.

    Figure 2
     
  • Select APPLY, OK

 

 

Additional Information:

Where to Get More Information about Installing and configuring CCIPCSSL and CCISSL

For more information on how to configure SSL for CCI, please see CA Common Services CAICCI-SSL and External Security which contains information about configuring both the CCI SSL both for the mainframe and the PC, certificates and a link to their manual which contains additional information.

Additional Security Information for Web Viewer

With Internal Security set for the Web Viewer server, all passwords are always encrypted. If Web Viewer Security is set to Advanced, no passwords or user Ids are stored in the Web Viewer's SQL database.

SSL Support Between the User's Browser and the Web Viewer Server and the SQL Database

Encryption support between the user's browser and the Web Viewer Server and the MS SQL Server is currently not provided by Web Viewer.

However, Web Viewer can run in a secure https environment. Information about how to set up an HTTPS service in IIS is available on the Microsoft support site.

If you have questions or concerns, please contact CA Support.


NOTE: The default certificates may be used if you do not have your own certificates.