CORBA 2.6.1 Administration Guide

Chapter 6. Configuring Security Features
IIOP/SSL Transport Protocols
Configuring and Managing Private Keys and Certificates
profile in env.sh
newca Script
newreq Script
signreq Script
pkcs12 Script
Configuring and Managing Security Unaware Applications
Modifying the NonStop CORBA Configuration
Configuring and Managing Security Aware Applications
Operation with Comm Server, LSD, and Naming Service
Before you begin to use NonStop CORBA 2.6.1 security features, you must have installed the IIOP/SSL option for NonStop CORBA 2.6.1.
Note:
When certain servers are configured to use SSL, the Console cannot be used to manage your NonStop CORBA configuration. You must use the command line tools to manage NonStop CORBA when IIOP/SSL is configured.
IIOP/SSL Transport Protocols
The installer does not enable IIOP/SSL by default. To enable IIOP/SSL, you need to set the IIOP/SSL transport protocols in the configuration database, either by using the Console or the Configuration Management Tool. The protocol keys, values, defaults, and operational characteristics are listed in Configuration Database Entities in this manual. See the NonStop CORBA 2.6.1 Programmer's Guide for C++ for considerations about using these protocols in application design.
Configuring and Managing Private Keys and Certificates
Security administrators may need to create certificates that are signed by a recognized Certificate Authority (CA) vendor, so that clients will trust the server certificates. Before starting, a business agreement must exist with a CA vendor who will provide the authorization service.
To create and install the certificates, the administrator must:
1. Create a public and private key pair with the private key encrypted and the public key in a CSR file.
2. Deliver the CSR file to the chosen CA vendor.
3. Receive the signed certificate and the supporting certificate chain in the PKCS#12 format.
4. Install the PKCS#12 file on your NonStop CORBA system at a location of your choosing. There is no default location.
Application developers or administrators may also wish to create private keys and certificates to test applications, or to export private keys and certificates to use with other vendors' SSL implementations.
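The four steps above, sketched with the standard OpenSSL command line as an added example; it is not from the original guide and does not use the NonStop newca, newreq, signreq or pkcs12 scripts. The function names, file names, subject names, pass phrases and the throwaway test CA are constructed assumptions; a real CA vendor takes the place of toy_ca_sign.

```shell
#!/bin/sh
# Added example: generic OpenSSL commands, not the NonStop CORBA scripts.
# Names and pass phrases are constructed; "pass:" arguments are visible in
# the process list, so use OpenSSL's file: or env: sources outside a demo.

# Step 1: key pair with an encrypted private key; the public key goes in the CSR.
make_csr() {  # usage: make_csr DIR KEY_PASS
    mkdir -p "$1" && openssl req -new -newkey rsa:2048 \
        -keyout "$1/server.key" -passout "pass:$2" \
        -subj "/CN=stack-server.example.test" -out "$1/server.csr" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

# Stand-in for the CA vendor (steps 2-3): a throwaway test CA signs the CSR.
toy_ca_sign() {  # usage: toy_ca_sign DIR
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/ca.key" -subj "/CN=Constructed Test CA" \
        -out "$1/ca.crt" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/server.crt" 2>/dev/null
}

# Bundle key, certificate and chain into a password-protected PKCS#12 file.
make_p12() {  # usage: make_p12 DIR KEY_PASS P12_PASS
    openssl pkcs12 -export -inkey "$1/server.key" -passin "pass:$2" \
        -in "$1/server.crt" -certfile "$1/ca.crt" \
        -passout "pass:$3" -out "$1/server.p12" 2>/dev/null &&
    chmod 600 "$1/server.p12"
}

# Checks to run before installing the bundle (step 4). Returns 0 only if all pass.
check_p12() {  # usage: check_p12 DIR P12_PASS
    # The private key must not be stored in the clear.
    grep -q ENCRYPTED "$1/server.key" || return 1
    # The bundle must open with the pass phrase (a wrong one fails the MAC check).
    leaf=$(openssl pkcs12 -in "$1/server.p12" -passin "pass:$2" \
        -nokeys -clcerts 2>/dev/null) || return 1
    # The certificate in the bundle must carry the public key from our CSR.
    csr_pub=$(openssl req -in "$1/server.csr" -noout -pubkey) || return 1
    crt_pub=$(printf '%s\n' "$leaf" | openssl x509 -noout -pubkey) || return 1
    [ "$csr_pub" = "$crt_pub" ] || return 1
    # The certificate must chain to the CA certificate obtained out of band.
    printf '%s\n' "$leaf" | openssl verify -CAfile "$1/ca.crt" >/dev/null 2>&1
}
```

The public-key comparison in check_p12 is the check that catches a bundle issued for a different request than the one you submitted.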
This document assumes you know standard SSL. If you are not familiar with creating certificates, consult standard SSL references or the NonStop OSS SSL/TLS Programmer's API Suggestions and Examples, available at http://oss.atc-compaq.com.
The following example shows how to modify the stack sample to use SSL.
In this example, the NonStop CORBA directory is /h13.
This example uses toyCA.
Create CA:
    cd /h13
    . etc/env.sh
    . ssliop/etc/env.sh
    newca
    # Answer the questions to create the CA.
Create stack CA:
    cd /h13/samples/stack
    mkdir cert
    cd cert