Configuring SSL for CORBA

This procedure describes how to configure SSL between components that use the CORBA protocol.

To configure SSL for CORBA:

1. In the jacorb.properties file, located in <Control-M/EM Home Directory>/etc/jacorb.properties, do the following:
   1. Set the jacorb.security.support_ssl parameter to on.
   2. If you are using AIX with IBM JSSE implementation, set the following parameters:
      • jacorb.security.jsse.server.key_manager_algorithm=IbmX509
      • jacorb.security.jsse.server.trust_manager_algorithm=IbmX509
      • jacorb.security.jsse.client.key_manager_algorithm=IbmX509
      • jacorb.security.jsse.client.trust_manager_algorithm=IbmX509
   3. If you are using Sun Solaris, set the following parameters:
      • jacorb.security.jsse.server.key_manager_algorithm=SunX509
      • jacorb.security.jsse.server.trust_manager_algorithm=SunX509
      • jacorb.security.jsse.client.key_manager_algorithm=SunX509
      • jacorb.security.jsse.client.trust_manager_algorithm=SunX509
   4. If you are using a different operation system, these fields must be commented out.
2. Stop the Control-M/EM Configuration Agent, Naming Service, and CMS. If you are on Control-M/EM Distributed computer, stop the Control-M/EM Configuration Agent.
3. (UNIX only), type the following command:

   setenv DISPLAY <terminal_IP_address>

4. From <EM Home Directory>/bin, run one of the following:

   UNIX: orbconfigure

   Windows: orbconfigure.vbs

   The Domain Configuration window appears.

5. In the Domain Settings panel, do the following:
   1. Check the Use Secure Sockets Layer (SSL) checkbox.
   2. In the given path, under Use TAO internal configuration file checkbox, change the file name client_server.conf to ssl_client_server.conf.
6. Click Next.

   The Naming Service panel appears (If needed configure the Host and Port values).

7. Click Next and then click Finish.
8. If you ran the above on a Control-M/EM Distributed computer, run the following on the primary Control-M/EM:
   • orbadmin ns stop
   • orbadmin ns start

   This registers the services again in the Naming Service using the new configuration.

9. Start the Control-M/EM Configuration Agent.