Storing certificates for TAO

The following procedure describes storing the CA and signed certificates.

Default CA and application certificates are provided and stored in standard PEM format.

To store a root Certificate Authority (CA) certificate and signed certificates:

  1. Place the certificates (ca_cert.pem, cert_name.pem, and cert_name_priv_key.pem) in the <Control-M/EM_directory>/ini/ssl/new_ca.pem directory.
  2. Update the ssl_client_server.conf and ssl_ns.conf files in the <Control-M/EM_directory>/etc directory by changing the names of the demonstration certificates to the names of your certificates. Parameters for ssl_client_server.conf are explained in ssl_client_server.conf parameters.

    EXAMPLE: If the original content of the ssl_client_server.conf file is:

    dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "
    -SSLAuthenticate SERVER_AND_CLIENT
    -SSLPrivateKey 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU_pk.pem'
    -SSLCertificate 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU.pem'
    -SSLCAfile 'PEM:/home/ecs1/ctm_em/ini/ssl/new_ca.pem'
    -SSLrand /home/ecs1/ctm_em/ini/ssl/rnd.bin"
    static Client_Strategy_Factory "-ORBConnectStrategy blocked"
    static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"

    Change the full path names of the certificates shown above to the names of your certificates.

    In this example, authentication of both the server and the client is required because the -SSLAuthenticate parameter is set to SERVER_AND_CLIENT.
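
An added example, not part of the original documentation: a Python check that reads the -SSLPrivateKey, -SSLCertificate and -SSLCAfile options from an edited ssl_client_server.conf and reports files that are missing, hold the wrong PEM block type, still use the demonstration name, or leave the private key accessible to group/other. The function names, problem strings and sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Options from the page's ssl_client_server.conf example, mapped to the PEM
# block type each referenced file should contain.
EXPECTED = {"-SSLPrivateKey": "PRIVATE KEY", "-SSLCertificate": "CERTIFICATE",
            "-SSLCAfile": "CERTIFICATE"}
OPTION_RE = re.compile(r"(-SSL\w+)\s+'PEM:([^']+)'")
DEMO_NAME = "CertDemoU"  # demonstration certificate name shown on the page

def check_conf(conf_text):
    """Return (option, problem) tuples for each bad PEM reference (hypothetical helper)."""
    found = dict(OPTION_RE.findall(conf_text))
    problems = []
    for option, label in EXPECTED.items():
        path = found.get(option)
        if path is None or not os.path.isfile(path):
            problems.append((option, "file missing"))
            continue
        if DEMO_NAME in os.path.basename(path):
            problems.append((option, "still names the demonstration file"))
        with open(path, errors="replace") as fh:
            text = fh.read()
        # Accepts "RSA PRIVATE KEY" and similar, rejects "CERTIFICATE REQUEST".
        if not re.search(r"-----BEGIN (?:[A-Z0-9]+ )*" + label + "-----", text):
            problems.append((option, "no %s PEM block" % label))
        mode = os.stat(path).st_mode
        if option == "-SSLPrivateKey" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append((option, "key accessible to group/other"))
    return problems

def demo():
    """Build constructed sample files and a conf fragment, then check them."""
    d = tempfile.mkdtemp()
    samples = {"cert_name_priv_key.pem": "PRIVATE KEY", "ca_cert.pem": "CERTIFICATE",
               "cert_name.pem": "CERTIFICATE REQUEST"}  # CSR stored by mistake
    for name, label in samples.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write("-----BEGIN %s-----\nAAAA\n-----END %s-----\n" % (label, label))
    os.chmod(os.path.join(d, "cert_name_priv_key.pem"), 0o644)  # too permissive
    conf = ("-SSLPrivateKey 'PEM:%s/cert_name_priv_key.pem'\n"
            "-SSLCertificate 'PEM:%s/cert_name.pem'\n"
            "-SSLCAfile 'PEM:%s/ca_cert.pem'\n" % (d, d, d))
    return check_conf(conf)

if __name__ == "__main__":
    print(demo())
```

The check only inspects PEM labels and file modes; it does not confirm that the private key matches the certificate or that the certificate chains to the CA.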
