CORBA 2.6 Administration Guide
IIOP/SSL Protocol
Enable the IIOP/SSL protocol when you want to secure communications between clients and servers. This protocol is appropriate whenever
you want to assure confidentiality, authenticate clients, and assure message integrity.
The following table shows the keys and values that are associated with the IIOP/SSL protocol:
Key              Possible Values                                   Default Value
ssl_client       true or false                                     false
ssl_only         true or false                                     false
ssl_port         Integer                                           None
ssl_verify_peer  true or false                                     false
ssl_version      TLSv1 or SSLv3 or SSLv2 or SSLv23                 SSLv3
ssl_ciphers      See OpenSSL Cipher List for Use with ssl_ciphers  DEFAULT
ssl_cert_dir     OSS path                                          $nsd_root/ssliop/cacerts
ssl_cert_file    OSS path/filename                                 $nsd_root/ssliop/default/cert.pem
ssl_pkey_file    OSS path/filename                                 $nsd_root/ssliop/default/cert.pem
ssl_pkey_pswd    OSS path/filename                                 None. If ssl_cert_file is not set, then ssl_pkey_pswd will be set to $NSD_ROOT/ssliop/default/certpswd.txt
ssl_front_end    lsd1 or csname                                    None
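The check below is an added example, not part of the guide or the product: it overlays the keys set in one server profile on the defaults from the table above and reports the weak spots in the effective IIOP/SSL settings. The dictionary form of the profile, the sample values, and the reading of ssl_verify_peer as peer certificate verification are assumptions.

```python
# Added example: audit the effective IIOP/SSL settings of one server profile.
# Defaults are copied from the key table on this page; keys whose default is
# "None" (such as ssl_port) are left out so that "not set" stays visible.
DEFAULTS = {
    "ssl_client": "false",
    "ssl_only": "false",
    "ssl_verify_peer": "false",
    "ssl_version": "SSLv3",
    "ssl_ciphers": "DEFAULT",
}
VALID_VERSIONS = ("TLSv1", "SSLv3", "SSLv2", "SSLv23")
BOOLEAN_KEYS = ("ssl_client", "ssl_only", "ssl_verify_peer")


def effective(profile):
    """Overlay the keys set in the profile on the documented defaults."""
    merged = dict(DEFAULTS)
    merged.update(profile)
    return merged


def audit(profile):
    """Return (key, finding) pairs for the effective settings."""
    cfg = effective(profile)
    findings = []
    for key in BOOLEAN_KEYS:
        if cfg[key] not in ("true", "false"):
            findings.append((key, "value must be true or false"))
    version = cfg["ssl_version"]
    if version not in VALID_VERSIONS:
        findings.append(("ssl_version", "not one of the documented values"))
    elif version in ("SSLv2", "SSLv3"):
        findings.append(("ssl_version", version + " is deprecated; TLSv1 is the only TLS value listed"))
    elif version == "SSLv23":
        findings.append(("ssl_version", "version is negotiated and may fall back to SSLv2 or SSLv3"))
    # Assumption: ssl_verify_peer=false means the peer certificate is not checked.
    if cfg["ssl_verify_peer"] == "false":
        findings.append(("ssl_verify_peer", "peer certificate is not verified"))
    if "ssl_port" not in cfg:
        findings.append(("ssl_port", "no documented default and not set"))
    return findings


if __name__ == "__main__":
    # Constructed sample: only ssl_client is set, everything else defaults.
    for key, finding in audit({"ssl_client": "true"}):
        print(key + ": " + finding)
```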
IIOP Protocol
Enable the IIOP protocol when you want TCP/IP to be used as the transport mechanism for requests and responses. A server in which the
IIOP protocol is used can be configured as a direct server or an indirect server. A direct server listens directly to the TCP/IP port. An indirect
server listens to the port by means of the Comm Server, which forwards requests to the actual server process.
To configure a direct server, define the server profile as follows:
1. Set use_comm_server to false.
2. Specify the server's host name and port number in the program profile. Give the host name as either an IP address in dot decimal form or as a name that can be resolved to an IP address.
3. Specify the port number: the TCP/IP port number on which the server process listens for requests. The value zero causes the ORB component to automatically choose a port number.
4. (Optional) Specify the TCP process. The TCP process must be one that can service requests directed to the host name's IP address.
To configure an indirect server, define the server profile as follows:
1. Set use_comm_server to true.
2. Use the Pathsend protocol or the file system protocol.
The following table shows the keys and values that are associated with the IIOP protocol (tcp_server):
IIOP Protocol Keys and Values
Key              Possible Values                                                            Default Value
tcp_process      Valid TCP process name                                                     $ZTC0. No default for Parallel Library TCP/IP.
use_comm_server  true or false                                                              false
host_name        Dot decimal IP address or host name that can be resolved to an IP address  None
port_number      Integer                                                                    None
Indirect Server Protocol Keys and Values
Key Value Default Operational Characteristics