CORBA 2.6.1 Administration Guide

2. csname (commserver name)
If you want to extend this to include ILSD or LSD you should modify the client profile to:
catch {entitydelete sample_stack_clientSSL@ORB}
entity sample_stack_clientSSL@ORB {
ssl_client true
tcp_client true
fs_client false
CA_file /h13/ssliop/toyCA/CAcert.pem
}
which would allow the ILSD and LSD traffic to pass in the clear but keep the user data encrypted.
The following configuration for iLSD is required when the NamingService is configured to use secure services for TCP/IP connections, that is, when the NonStop system is configured to use the secure LSD or secure commserver. To encrypt iLSD, modify the configuration to:
catch {entitydelete ilsd1@ORB}
entity ilsd1@ORB {
tcp_process $ZTC0
port_number 5403
tcp_server true
host_name texas.txn.cpqcorp.net
ssl_port 5453
ssl_cert_file /h13/ssliop/ilsd/ilsd.pem
ssl_pkey_file /h13/ssliop/ilsd/ilsd.pem
ssl_pkey_pswd /h13/ssliop/toyCA/password.txt
CA_file /h13/ssliop/toyCA/CAcert.pem
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
ssl_client true
}
To encrypt LSD you should modify the configuration to:
catch {entitydelete lsd1@ORB}
entity lsd1@ORB {
tcp_process $ZTC0
port_number 5401
tcp_server true
host_name texas.txn.cpqcorp.net
ssl_port 5451
ssl_cert_file /h13/ssliop/ilsd/ilsd.pem
ssl_pkey_file /h13/ssliop/ilsd/ilsd.pem
ssl_pkey_pswd /h13/ssliop/toyCA/password.txt
CA_file /h13/ssliop/toyCA/CAcert.pem
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
}
Also modify the server configuration: ssl_front_end should be set to lsd1.
catch {entitydelete sample_stackfsSSL@ORB}
entity sample_stackfsSSL@ORB {
tcp_server false
fs_server true
use_comm_server true
ssl_front_end lsd1
ssl_only true
}
One or more of the commservers should match the SSL server configuration for the LSD to forward connections.
catch {entitydelete JNCA@comm_server}
entity JNCA@comm_server {
tcp_process $ZTC0
port_number 5400
ssl_port 5454
actual_ip_address <change_me>
host_name texas.txn.cpqcorp.net
ssl_cert_file /h13/ssliop/cs/ilsd.pem
ssl_pkey_file /h13/ssliop/cs/ilsd.pem
ssl_pkey_pswd /h13/ssliop/toyCA/password.txt
CA_file /h13/ssliop/toyCA/CAcert.pem
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
}
where change_me is a dot-separated IPv4 address such as 172.31.41.151 or a colon-separated IPv6 address such as fe80::a00:8eff:fe06:d093.
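An added example, not part of the original guide or of NonStop CORBA: a small Python review aid that parses entity blocks like those above and reports which weak cipher families a string such as ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH leaves enabled, and which client profiles also permit cleartext TCP. It assumes ssl_ciphers follows OpenSSL cipher-list syntax; the WEAK policy list and all function names are assumptions of this example.

```python
import re

# Constructed sample: two entities copied from this page, trimmed to the relevant keys.
SAMPLE = """
catch {entitydelete lsd1@ORB}
entity lsd1@ORB {
ssl_port 5451
ssl_ciphers ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
}
entity sample_stack_clientSSL@ORB {
ssl_client true
tcp_client true
}
"""

# Assumed audit policy (not from the guide): cipher families treated as weak.
WEAK = ("SSLv2", "RC4", "EXP", "LOW", "MD5", "ADH")
ENTITY = re.compile(r"^entity\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)

def parse_entities(text):
    """Return {entity_name: {key: value}} for every 'entity name { ... }' block."""
    out = {}
    for name, body in ENTITY.findall(text):
        rows = [ln.split(None, 1) for ln in body.splitlines() if ln.strip()]
        out[name] = {r[0]: (r[1].strip() if len(r) > 1 else "") for r in rows}
    return out

def weak_enabled(cipher_string):
    """Weak families left enabled: only '!X' removes one for good, '+X' just reorders."""
    tokens = cipher_string.split(":")
    killed = {t[1:] for t in tokens if t.startswith("!")}
    named = {f for t in tokens if t[:1] not in ("!", "-", "+", "@", "") for f in t.split("+")}
    return [w for w in WEAK if w not in killed and ("ALL" in tokens or w in named)]

def audit(text):
    """Return {entity: [findings]}; a heuristic review aid, not an OpenSSL parser."""
    report = {}
    for name, cfg in parse_entities(text).items():
        found = []
        weak = weak_enabled(cfg.get("ssl_ciphers", ""))
        if weak:
            found.append("weak cipher families enabled: " + ",".join(weak))
        if cfg.get("ssl_client") == "true" and cfg.get("tcp_client") == "true":
            found.append("tcp_client true: cleartext permitted alongside SSL")
        if found:
            report[name] = found
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```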
NonStop CORBA includes a special env.sh file and a set of scripts that create a private CA. The scripts can be used to demonstrate the