Configure Multiple TLS Connections

You can use TLS connection profiles to configure TLS connections that use different encryption modes and connection parameters.

Tip: When a Uniface environment has multiple Uniface Routers, it is best to configure one Uniface Router and its client applications and Uniface Servers at a time.

For more information, see Logical and Physical Connections and TLS Connection Profiles.

Client Connection to Multiple Uniface Routers

This example shows how you can connect to two Uniface Routers with different TLS parameters:

  1. In the assignment file of the first Uniface Router, add a section [NET_SETTINGS] and define a TLS configuration profile with the desired connector options.

    For example, this profile enables server verification using a self-signed certificate:

    [NET_SETTINGS]
    Srv1Cert verify_server=yes, srv_cert=usys:myserver1.crt, %\
              srv_key=usys:myserver1.key
  2. Use the profile name in the path used to start the Uniface Router. For example, in the Uniface Router's assignment file, you can set $DEFAULT_NET as follows:
    [SETTINGS]
    $DEFAULT_NET  TLS:+13001:Srv1Cert

    Alternatively, you can specify it on the Uniface Router command line. For example, on Unix you start the Uniface Router like this (possibly with other paths or flags):

    urouter TLS:+13001:Srv1Cert

    Note:  On Windows you must first uninstall the URouter service, then reinstall it using urouter /inst=ServiceName TLS:+13001:Srv1Cert. For more information, see Stop and Start the Uniface Router.

    Now the first Uniface Router will be listening on port 13001 using the parameters specified for the Srv1Cert profile in [NET_SETTINGS].

  3. In the assignment file of the second Uniface Router, define a TLS profile with a different name and the desired connector options. For example:
    [NET_SETTINGS]
    Srv2_SKEnc shared_key=My Big S3cret
  4. Use this profile name to start the second Uniface Router. For example:
    [SETTINGS]
    $DEFAULT_NET  TLS:+13001:Srv2_SKEnc
  5. In the assignment file of the client application:
    1. Add a [NET_SETTINGS] section and the same TLS profile names that you defined for Uniface Routers:
      [NET_SETTINGS]
      Srv1Cert verify_server=yes, ca_cert=usys:myserver1.crt, %\
               ca_key=usys:myserver1.key
      Srv2_SKEnc shared_key=My Big S3cret

      Note: The Srv1Cert profile in the client has the same name as in the Uniface Router file. The options match the server profile, but they are not identical.

    2. Modify the paths to your two Uniface Routers, adding :Srv1Cert to the path of the first Uniface Router and :Srv2_SKEnc to the path of the second Uniface Router:
      [PATHS]
      $SRV1      TLS:server1.mydomain+13001:Srv1Cert|user|password|ust
      $SRV2      TLS:server2.mydomain+13001:Srv2_SKEnc|user|password|ust
Note:  If you use a profile name that is not actually defined in the [NET_SETTINGS] section, a network connection error is returned:

8061 - Network error detected (NETERR_CONNECTION [-18]: TLS: [-79] Invalid driver option, 'ConnectionProfile' not found in the [NET_SETTINGS] section of the assignment file.
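
To catch the undefined-profile error above before deployment, the following added example (not part of the Uniface product or its documentation) parses an assignment file and reports every TLS path in [SETTINGS] or [PATHS] whose profile name has no entry in [NET_SETTINGS]. The function names and the sample file are constructed for illustration, and the check assumes profile names are compared exactly as written.

```python
import re

# Constructed client assignment file; $SRV2 names a profile that is not defined.
SAMPLE = r"""[NET_SETTINGS]
Srv1Cert verify_server=yes, ca_cert=usys:myserver1.crt, %\
         ca_key=usys:myserver1.key

[PATHS]
$SRV1      TLS:server1.mydomain+13001:Srv1Cert|user|password|ust
$SRV2      TLS:server2.mydomain+13001:Srv2_SKEnc|user|password|ust
"""

# Profile = text after the port in a TLS path; names compared exactly (assumption).
TLS_PROFILE = re.compile(r"TLS:[^+|\s]*\+\d+:([^|\s]+)")

def logical_lines(text):
    """Join physical lines that end with the %\\ continuation marker."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("%\\"):
            buf += line[:-2]
        else:
            yield buf + line
            buf = ""

def parse_sections(text):
    """Return {SECTION: [(name, value), ...]} for an assignment file."""
    sections, current = {}, None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].upper(), [])
        elif line and current is not None:
            name, *rest = line.split(None, 1)
            current.append((name, rest[0] if rest else ""))
    return sections

def undefined_profiles(text):
    """List (section, entry, profile) for TLS paths whose profile is undefined."""
    sections = parse_sections(text)
    defined = {name for name, _ in sections.get("NET_SETTINGS", [])}
    hits = ((s, n, TLS_PROFILE.search(v)) for s in ("SETTINGS", "PATHS")
            for n, v in sections.get(s, []))
    return [(s, n, m.group(1)) for s, n, m in hits
            if m and m.group(1) not in defined]

if __name__ == "__main__":
    for section, entry, profile in undefined_profiles(SAMPLE):
        print(f"[{section}] {entry}: '{profile}' missing from [NET_SETTINGS]")
```

Run it against each router and client assignment file after editing; an empty result means every referenced profile is defined in that file.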