The following procedure describes storing the CA and signed certificates.
Default CA and application certificates are provided and stored in standard PEM format.
To store a Root Certificate of Authority (CA) and signed certificates:
EXAMPLE: If the original content of the ssl_client_server.conf file is:
dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "
-SSLAuthenticate SERVER_AND_CLIENT
-SSLPrivateKey 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU_pk.pem'
-SSLCertificate 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU.pem'
-SSLCAfile 'PEM:/home/ecs1/ctm_em/ini/ssl/new_ca.pem'
-SSLrand /home/ecs1/ctm_em/ini/ssl/rnd.bin" static Client_Strategy_Factory "
-ORBConnectStrategy blocked" static Resource_Factory "
-ORBProtocolFactory SSLIOP_Factory"
Change the full path name of the certificates (bold above) to the names of your certificates.
In this example, authentication of both the server and the client is required because the -SSLAuthenticate parameter is set to SERVER_AND_CLIENT.
Parent Topic |