Connections > REST V2 connection properties > Secure communication

Secure communication

To establish one-way or two-way secure communication with the REST API, you can configure TLS authentication.

The Secure Agent establishes a secure connection with the REST API over TLS. You can use one-way SSL or two-way SSL. Before configuring the certificates, ensure that the certificates are in the .jks format.

Use One-Way SSL

To use one-way SSL, perform the following steps:

•Import the server certificate to the following file path:

<Secure Agent installation directory>\jre\lib\security\cacerts

From the command line, run the following command:

keytool -importkeystore -srckeystore <PathtoCert>\clientSSL.p12 -srcstoretype <type of certificate pkcs12> -destkeystore <Informatica agent Installation location\jdk\jre\lib\security\cacerts -deststoretype JKS

•Add JVM options in the Secure Agent properties for the truststore file name and truststore password:

- Click Administrator > Runtime Environments and select an agent.
- Select Type as DTM under System Configuration Details.
- Add the following JVM options:

▪ JVMOption1=-Djavax.net.ssl.trustStore=<absolute path of the .jks truststore file>
▪ JVMOption2=-Djavax.net.ssl.trustStorePassword=<truststore password>

Alternatively, you can specify the name of the truststore file and truststore password in the TrustStore File Name and TrustStore Password connection properties.

Use Two-Way SSL

To use two-way SSL, you must first configure one-way SSL, and then perform the following steps:

•Add JVM options in the Secure Agent properties for the keystore file and keystore password:

- Click Administrator > Runtime Environments and select an agent.
- Select Type as DTM under System Configuration Details.
- Set the following JVM options:

▪ JVMOption3=-Djavax.net.ssl.keyStore=<absolute path of the .jks keystore file>
▪ JVMOption4=-Djavax.net.ssl.keyStorePassword=<keystore password>

Alternatively, you can specify the name of the keystore file and keystore password in the KeyStore File Name and KeyStore Password connection properties.

If you specify keystore and truststore properties in the connection and in the JVM options, the Secure Agent processes the certificates based on the properties configured in the connection.