CORBA 2.6 Administration Guide

Chapter 6. Configuring Security Features
IIOP/SSL Transport Protocols
Configuring and Managing Private Keys and Certificates
profile in env.sh
newca Script
newreq Script
signreq Script
pkcs12 Script
Configuring and Managing Security Unaware Applications
Modifying the NonStop CORBA Configuration
Configuring and Managing Security Aware Applications
Operation with Comm Server, LSD, and Naming Service
Before you begin to use NonStop CORBA 2.6 security features, you must have installed the IIOP/SSL option for NonStop CORBA 2.6.
Note: IIOP/SSL features work only with the C++ ORB.
Note: When certain servers are configured to use SSL, the Console cannot be used to manage your NonStop CORBA
configuration. You must use the command line tools to manage NonStop CORBA when IIOP/SSL is configured.
IIOP/SSL Transport Protocols
The installer does not enable IIOP/SSL by default. To enable IIOP/SSL, you need to set the IIOP/SSL transport protocols in the
configuration database, either by using the Console or the Configuration Management Tool. The protocol keys, values, defaults, and
operational characteristics are listed in Configuration Database Entities in this manual. See the NonStop CORBA 2.6 Programmer's
Guide for C++ for considerations about using these protocols in application design.
Configuring and Managing Private Keys and Certificates
Security administrators may need to create certificates that are signed by a recognized Certificate Authority (CA) vendor, so that
clients will trust the server certificates. Before starting, a business agreement must exist with a CA vendor who will provide the
authorization service.
To create and install the certificates, the administrator must:
1. Create a public and private key pair, with the private key encrypted and the public key in a CSR file.
2. Deliver the CSR file to the chosen CA vendor.
3. Receive the signed certificate and the supporting certificate chain in the PKCS#12 format.
4. Install the PKCS#12 file on your NonStop CORBA system at a location of your choosing. There is no default location.
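The first step of this procedure, together with checks worth running before the CSR leaves the system, shown as an added example that is not part of this guide or of the NonStop CORBA scripts. It assumes the OpenSSL command-line tool is available; the file names, subject, and pass phrase are constructed sample values.

```sh
#!/bin/sh
# Added example; assumes the OpenSSL CLI. All names and values are constructed.
WORK=$(mktemp -d)
KEY="$WORK/server.key"
CSR="$WORK/server.csr"
# Sample pass phrase, passed via the environment so it is not on the command
# line; in real use omit -passout and let openssl prompt for it.
KEY_PASS='constructed-sample-passphrase'
export KEY_PASS

# Step 1: new RSA key pair; private key encrypted, public key in a CSR.
make_key_and_csr() {
    (
        umask 077    # key file is created readable by its owner only
        openssl req -new -newkey rsa:2048 \
            -keyout "$KEY" -passout env:KEY_PASS \
            -subj "/O=Example Org/CN=corba.example.test" \
            -out "$CSR" 2>/dev/null
    )
}

# The key file must be encrypted: it carries an ENCRYPTED PEM header and
# cannot be loaded with a wrong pass phrase.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$KEY" &&
        ! openssl pkey -in "$KEY" -passin pass:wrong-guess -noout 2>/dev/null
}

# The CSR's self-signature proves the requester holds the private key.
csr_signature_ok() {
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q 'verify OK'
}

# The public key in the CSR must be the one derived from the private key.
csr_matches_key() {
    from_csr=$(openssl req -in "$CSR" -noout -pubkey)
    from_key=$(openssl pkey -in "$KEY" -passin env:KEY_PASS -pubout)
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# No group or world access to the private key file.
key_is_private() {
    [ "$(ls -l "$KEY" | cut -c1-10)" = "-rw-------" ]
}

make_key_and_csr && key_is_encrypted && csr_signature_ok &&
    csr_matches_key && key_is_private && echo "CSR ready to send: $CSR"
```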
Application developers or administrators may also wish to create private keys and certificates to test applications, or to export
private keys and certificates for use with other vendors' SSL implementations.
This document assumes you know standard SSL. If you are not familiar with creating certificates, consult standard SSL references or
the NonStop OSS SSL/TLS Programmer's API Suggestions and Examples, available at http://oss.atc-compaq.com.
NonStop CORBA includes a special env.sh file and a set of scripts that create a private CA. The scripts can be used to demonstrate