Client authenticated Secure Sockets Layer with the i2 Connect gateway
To secure the connection between Liberty and any connectors for the i2 Connect gateway, you must configure Liberty and your connectors to use SSL. If you are using SSL, i2 Analyze enforces client-authenticated communication with a connector.
In a production deployment, you should configure i2 Analyze to connect to your connector using client-authenticated SSL communication. To do so, your connector and i2 Analyze must trust the certificates that they receive during the SSL handshake process. In a production environment, the certificates must be signed by a trusted certificate authority. For more information about client-authenticated SSL, see Client-authenticated TLS handshake.
The following diagram shows the keystores and truststores that are required for Liberty and the connector.
The Liberty server requires a keystore file and a truststore file. Your connector can use any implementation for its keystore and truststore. The certificates in each truststore must trust the certificates received from the corresponding keystore.
The certificates that are required are as follows, where certificate authority (CA) X issues the certificates to the connector (the server) and Liberty (the client):
- The connector requires:
  - In its keystore:
    - The personal certificate issued to the connector by CA X
    - The connector's private key
  - In the truststore:
    - The CA certificate for CA X
- Liberty requires:
  - In its keystore:
    - The personal certificate issued to Liberty by CA X
    - Liberty's private key
  - In its truststore:
    - The CA certificate for CA X
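The trust relationships in the list above can be checked with OpenSSL before either side is deployed. The following is an added example, not part of the i2 Analyze documentation: it builds constructed, throwaway certificates (the file names, subject names, and the use of PEM files to stand in for keystore and truststore contents are assumptions) and confirms that each truststore accepts the peer's personal certificate and rejects one issued by a different CA.

```shell
#!/usr/bin/env bash
# Added example. All certificates are constructed, throwaway test material;
# file names and subject names are assumptions, not i2 Analyze defaults.
WORK=$(mktemp -d)

# make_ca NAME: create a self-signed CA certificate NAME.crt with key NAME.key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA NAME: create key NAME.key and personal certificate NAME.crt signed by CA
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.crt" 2>/dev/null
}

# trusts CA PEER: succeeds only if PEER.crt chains to the CA certificate
# that the truststore holds (CA.crt)
trusts() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# key_matches NAME: succeeds only if NAME.key is the private key for NAME.crt,
# that is, the keystore entry is a usable certificate and key pair
key_matches() {
  [ "$(openssl x509 -in "$WORK/$1.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORK/$1.key" -pubout)" ]
}

make_ca ca-x               # CA X from the list above
make_ca other-ca           # an unrelated CA, for the negative check
issue ca-x connector       # connector keystore: personal certificate + key
issue ca-x liberty         # Liberty keystore: personal certificate + key
issue other-ca stranger    # a client certificate that CA X did not issue

trusts ca-x liberty   && echo "connector truststore (CA X) accepts Liberty"
trusts ca-x connector && echo "Liberty truststore (CA X) accepts the connector"
trusts ca-x stranger  || echo "certificate from another CA is rejected"
key_matches connector && key_matches liberty && echo "keystore key pairs match"
```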
The following steps explain the process of updating the i2 Analyze configuration with the location of a keystore and truststore to use, and the passwords that are used to access the certificates that are contained within them.
To configure the example-connector to use client-authenticated SSL, and for examples of how to create keystores, truststores, and certificates for Liberty, follow the instructions in Securing the example connector.
You can create your own connectors to use with the deployment of i2 Analyze. When you create your own connector, you can implement security that conforms to the security required by the i2 Connect gateway. For more information about creating your own connectors, see i2 Analyze and i2 Connect.
When you use a connector configured for SSL communication, you should not see any warnings displayed in Analyst's Notebook Premium.