CORBA 2.6.1 Administration Guide

newreq stack
/*Answer the questions*/
signreq stack.csr
/*Answer the questions*/
pkcs13 stack.cert.pem
/*Answer the questions*/
Note: Be sure to use a unique name or common name.
Add a profile for Stack SSL:
catch {entitydelete sample_stackSSL@ORB}
entity sample_stackSSL@ORB {
tcp_server true
ssl_only true
ssl_port 0
port_number 0
host_name texas.txn.cpqcorp.net
ssl_cert_file /h13/samples/stack/cert/stack.pem
ssl_pkey_file /h13/samples/stack/cert/stack.pem
ssl_pkey_pswd /h13/ssliop/toyCA/password.txt
CA_file /h13/ssliop/toyCA/CAcert.pem
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
}
If ssl_only is true, you do not need port_number.
Then add the client profile:
catch {entitydelete sample_stack_clientSSL@ORB}
entity sample_stack_clientSSL@ORB {
ssl_client true
tcp_client false
fs_client false
CA_file /h13/ssliop/toyCA/CAcert.pem
}
Note: Setting tcp_client and fs_client to false forces this profile to use an SSL connection.
Start the server and client with -ORBprofile <profile name>.
To move to using the comm server, the server configuration should be:
catch {entitydelete sample_stackfsSSL@ORB}
entity sample_stackfsSSL@ORB {
tcp_server false
fs_server true
use_comm_server true
ssl_front_end JNCA
ssl_only true
}
Now, modify the configuration for JNCA in this form:
catch {entitydelete JNCA@comm_server}
entity JNCA@comm_server {
tcp_process $ZTC0
port_number 5400
ssl_port 5454
actual_ip_address <change_me>
host_name texas.txn.cpqcorp.net
ssl_cert_file /h13/ssliop/cs/cs.pem
ssl_pkey_file /h13/ssliop/cs/cs.pem
ssl_pkey_pswd /h13/ssliop/toyCA/password.txt
ssliop_default /h13/ssliop/toyCA
CA_file /h13/ssliop/toyCA/CAcert.pem
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
}
where change_me is a dot-separated IPv4 address such as 172.31.41.151 or a colon-separated IPv6 address such as fe80::a00:8eff:fe06:d093.
Note: The .pem files here are different, but they could be the same as in the stack profile.
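Added example (not part of the guide or the product): a Python sketch that parses entity blocks like the ones above and reports settings worth reviewing, namely ssl_ciphers values that do not exclude legacy cipher classes and profiles that may still allow non-SSL connections. It assumes ssl_ciphers follows OpenSSL cipher-list syntax; parse_entities, admitted_weak, audit and the WEAK list are illustrative names, and the class check is a heuristic, since what ALL actually enables depends on the SSL library build.

```python
import re
# Assumption: ssl_ciphers uses OpenSSL cipher-list syntax, where ALL pulls in
# these legacy classes unless a "!CLASS" token removes them.
WEAK = ("SSLv2", "RC4", "EXPORT", "DES", "MD5")

# Constructed sample: trimmed copies of the server and client profiles above.
SAMPLE = """
entity sample_stackSSL@ORB {
tcp_server true
ssl_only true
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
}
entity sample_stack_clientSSL@ORB {
ssl_client true
tcp_client false
fs_client false
}
"""

def parse_entities(text):
    """Return {name: {key: value}} for each 'entity NAME { ... }' block."""
    out = {}
    for name, body in re.findall(r"entity\s+(\S+)\s*\{(.*?)\}", text, re.S):
        pairs = (line.split(None, 1) for line in body.strip().splitlines())
        out[name] = {p[0]: p[1].strip() for p in pairs if len(p) == 2}
    return out

def admitted_weak(cipher_list):
    """Heuristic: weak classes named, or inherited from ALL, with no '!' exclusion."""
    tokens = re.split(r"[:, ]+", cipher_list)
    banned = {t[1:].upper() for t in tokens if t.startswith("!")}
    named = {p.upper() for t in tokens if t[:1] not in "!-@" for p in t.lstrip("+").split("+")}
    return [w for w in WEAK if w.upper() not in banned
            and ("ALL" in named or w.upper() in named)]

def audit(text):
    """Return {entity_name: [finding, ...]} for profiles that need review."""
    report = {}
    for name, cfg in parse_entities(text).items():
        notes = [f"ssl_ciphers does not exclude {w}"
                 for w in admitted_weak(cfg.get("ssl_ciphers", ""))]
        if cfg.get("ssl_client") == "true":
            notes += [f"{k} is not false: non-SSL connection may be used"
                      for k in ("tcp_client", "fs_client") if cfg.get(k) != "false"]
        if cfg.get("tcp_server") == "true" and cfg.get("ssl_only") != "true":
            notes.append("ssl_only is not true: non-SSL port may be served")
        if notes:
            report[name] = notes
    return report
```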
The ssl_front_end key in the server configuration can take only the following values:
1. lsd1