Default CA and application certificates are provided and stored in standard PEM format.
To store a Root Certificate of Authority (CA) and signed certificates:
Parameter | Description |
---|---|
-SSLAuthenticate | Indicates whether authentication is required for server, client, or both. Valid values: SERVER, CLIENT, SERVER_AND_CLIENT |
-SSLPrivateKey | Points to the location of the private key. |
-SSLCertificate | Points to the location of the public key. |
-SSLCAfile | Points to the CA certificate. Default: <Control-M/EM_directory>/ini/ssl/new_ca.pem |
-SSLrand | Points to a binary file used to generate random numbers for dynamically encrypting communications between client and server. The file provided by Control-M/EM can be replaced with another binary file. Client and server binary files are independent and do not need to match. Default: <Control-M/EM_directory>/ini/ssl/rnd.bin Note: This parameter is optional on Windows installations. |
EXAMPLE: If the original content of the ssl_client_server.conf file is:
dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "
-SSLAuthenticate SERVER_AND_CLIENT
-SSLPrivateKey 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU_pk.pem'
-SSLCertificate 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU.pem'
-SSLCAfile 'PEM:/home/ecs1/ctm_em/ini/ssl/new_ca.pem'
-SSLrand /home/ecs1/ctm_em/ini/ssl/rnd.bin"
static Client_Strategy_Factory "
-ORBConnectStrategy blocked"
static Resource_Factory "
-ORBProtocolFactory SSLIOP_Factory"
Change the full path names of the certificates in the example above to the names of your certificates.
In this example, authentication of both the server and the client is required because the -SSLAuthenticate parameter is set to SERVER_AND_CLIENT.
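After editing the paths, the file can be checked before the components are restarted. The following Python script is an added example, not part of the product or its documentation: it reads the -SSL* options from ssl_client_server.conf text and verifies that -SSLAuthenticate has one of the listed values and that each referenced file exists and holds the expected kind of PEM block. The PEM header patterns and the private-key permission check are assumptions (standard practice, not stated on this page), and the function names are hypothetical.

```python
import os
import re

VALID_AUTH = {"SERVER", "CLIENT", "SERVER_AND_CLIENT"}  # values listed in the table
# Expected PEM header per option (assumption: standard PEM armor labels)
PEM_HEADER = {
    "SSLPrivateKey": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "SSLCertificate": re.compile(r"-----BEGIN CERTIFICATE-----"),
    "SSLCAfile": re.compile(r"-----BEGIN CERTIFICATE-----"),
}

def parse_ssl_options(conf_text):
    """Return {option: value} for every -SSL* option in the file text."""
    pairs = re.findall(r"-(SSL\w+)\s+('[^']*'|[^\s\"]+)", conf_text)
    return {name: value.strip("'") for name, value in pairs}

def audit(opts):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    auth = opts.get("SSLAuthenticate")
    if auth not in VALID_AUTH:
        findings.append(f"SSLAuthenticate: unexpected value {auth!r}")
    for name, header in PEM_HEADER.items():
        if name not in opts:
            continue  # option absent; nothing to check for it here
        path = re.sub(r"^PEM:", "", opts[name])
        if not os.path.isfile(path):
            findings.append(f"{name}: file not found: {path}")
            continue
        with open(path, errors="replace") as fh:
            if not header.search(fh.read()):
                findings.append(f"{name}: expected PEM block not found")
        # Assumption (not from the page): key must not be group/world accessible
        if name == "SSLPrivateKey" and os.stat(path).st_mode & 0o077:
            findings.append(f"{name}: accessible to group/other: {path}")
    return findings

# Constructed sample that reuses the paths from the example above
SAMPLE = """dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "
-SSLAuthenticate SERVER_AND_CLIENT
-SSLPrivateKey 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU_pk.pem'
-SSLCertificate 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU.pem'
-SSLCAfile 'PEM:/home/ecs1/ctm_em/ini/ssl/new_ca.pem'
-SSLrand /home/ecs1/ctm_em/ini/ssl/rnd.bin" """

if __name__ == "__main__":
    for finding in audit(parse_ssl_options(SAMPLE)) or ["no findings"]:
        print(finding)
```

A finding on -SSLPrivateKey or -SSLCertificate of "expected PEM block not found" usually means the two paths were swapped or the file is not PEM encoded.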