CSIv2 transport inbound settings

CSIv2 transport inbound settings

Use this page to specify which listener ports to open and which SSL settings to use. These specifications determine which transport a client or upstream server uses to communicate with this server for incoming requests.
To view this administrative console page, complete the following steps:

Click Security > Global security.
Under Authentication, click CSIv2 inbound transport.

Configuration tab

Transport

Specifies whether client processes connect to the server using one of its connected transports.
We can choose to use either SSL, TCP/IP or both as the inbound transport that a server supports. If you specify TCP/IP, the server only supports TCP/IP and cannot accept SSL connections. If you specify SSL-supported, this server can support either TCP/IP or SSL connections. If you specify SSL-required, then any server communicating with this one must use SSL.
If you specify SSL-supported or SSL-required, decide which set of SSL configuration settings you want to use for the inbound configuration. This decision determines which key file and trust file are used for inbound connections to this server.

TCP/IP

If you select TCP/IP, then the server opens a TCP/IP listener port only and all inbound requests do not have SSL protection.

SSL-required

If you select SSL-required, then the server opens an SSL listener port only and all inbound requests are received using SSL. Important: If you set the active authentication protocol to CSI and SAS, then the server opens a TCP/IP listener port for the Secure Authentication Service (SAS) protocol regardless of this setting. Only an SSL listener port is opened, and all requests come through SSL connections. If you choose SSL-required, also choose CSI as the active authentication protocol. If you choose CSI and SAS, SAS requires an open TCP/IP socket for some special requests. We can select either CSI or CSI and SAS from the Global security panel, which is accessible from Security > Global Security.

SSL-supported

If you select SSL-supported, then the server opens both a TCP/IP and an SSL listener port and most inbound requests are received using SSL.

By default, SSL ports for CSIv2 (CSIv2) and Security Authentication Service (SAS) are dynamically generated. In cases where we need to fix the SSL ports on application servers, click Servers > Application Servers > servername. Under Additional properties, click Endpoint listeners.
Provide a fixed port number for the following ports. A zero port number indicates that a dynamic assignment is made at run time.
CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS
SAS_SSL_SERVERAUTH_LISTENER_ADDRESS

Default: SSL-Supported
Range: TCP/IP, SSL Required, SSL-Supported

SSL settings

Specifies a list of predefined SSL settings to choose from for inbound connections. These settings are configured at the SSL Repertoire panel, which is accessible by clicking Security > SSL.

Data type: String
Default: DefaultSSLSettings
DefaultIIOPSSL
Range: Any SSL settings configured in the SSL Configuration Repertoire

Default:	SSL-Supported
Range:	TCP/IP, SSL Required, SSL-Supported

Data type:	String
Default:	DefaultSSLSettings
DefaultIIOPSSL
Range:	Any SSL settings configured in the SSL Configuration Repertoire