CORBA 2.6.1 Administration Guide

or SSLv2 or SSLv23
are recommended. SSLv2 and SSLv23 are not recommended, but are provided for completeness.

ssl_ciphers
Cipher list follows this table
DEFAULT ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH

ssl_cert_file
OSS path/filename
$NSD_ROOT/ssliop/default/cert.pem
Certificate file. (The certificate file may also contain the private key.)

ssl_pkey_file
OSS path/filename
$NSD_ROOT/ssliop/default/cert.pem
Private key file. (The private key file may also contain the certificate.)

ssl_pkey_pswd
OSS path/filename
None. If ssl_cert_file is not set, then ssl_pkey_pswd will be set to $NSD_ROOT/ssliop/default/certpswd.txt
Defines the file containing the password for the private key file. If ssl_pkey_pswd does not have a value, the operator is prompted for the password.

truststore
OSS path/filename
SSLIOP_DEFAULT/truststore followed by the JSSE default trust manager and its assumption of $JREHOME/lib/security/jssecacerts and then $JREHOME/lib/security/cacerts
The file containing the trusted CA certificates.

truststore_pswd
OSS path/filename
If truststore defaults to SSLIOP_DEFAULT/truststore, the default is SSLIOP_DEFAULT/truststore_pswd
An OSS file containing the truststore file password.

The following keys and values can be used for either Java clients or servers.
Key Value Default Operational Characteristics

keystore
OSS pathfile/filename
SSLIOP_DEFAULT followed by the JSSE default KeyManager and its default keystore defined by the javax.net.ssl.keyStore property.
The keystore file.

keystore_pswd
OSS pathfile/filename
If keystore defaults to SSLIOP_DEFAULT/keystore, then the default is SSLIOP_DEFAULT/keystore_pswd. If keystore defaults to the javax.net.ssl.keyStore property, then the default is javax.net.ssl.keyStore property.
An OSS file containing the keystore file password. If the keystorePassword property is used, it identifies the password.

truststore
OSS path/filename
SSLIOP_DEFAULT/truststore followed by the JSSE default trust manager and its assumption of $JREHOME/lib/security/jssecacerts and then $JREHOME/lib/security/cacerts
The file containing the trusted CA certificates.

truststore_pswd
OSS path/filename
If truststore defaults to SSLIOP_DEFAULT/truststore, the default is SSLIOP_DEFAULT/truststore_pswd
An OSS file containing the truststore file password.

JSSE Keystore
The keystore is used to store the private key and matching certificate, in other words, the public key. JORB SSLIOP restricts the keystore to a single alias, that is, a single private key and associated certificate chain. Restricting the keystore to a single alias makes using JSSE easier. This restriction requires the password for the keystore to match the password for the private key in the keystore.
There are three JSSE keystore algorithms (keystore types): JKS, JCEKS, and PKCS12. JORB SSLIOP uses the default, which is configured in the $JREHOME/lib/security/java.security file by setting the keystore.type entry to the selected keystore type. For example:
keystore.type=JCEKS
The configuration of the keystore is done in the following order:
1. The -ORBprofile values for the entity keys keystore and keystore_pswd.
2. The system properties that may be set on the program command line:
   javax.net.ssl.keyStore
   javax.net.ssl.keyStorePassword
   javax.net.ssl.keyStoreType (optional)
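The single-alias and matching-password restrictions described above can be checked before a keystore is handed to JORB SSLIOP. The following Java program is an added example, not code from this guide or from JORB; the class name KeystoreCheck, its command-line arguments, and the assumption that the password file holds the password on a single line are illustrative, and it requires Java 7 or later.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.*;

// Added example (not JORB code): checks the single-alias and matching-password rules.
public class KeystoreCheck {
    static String check(String file, char[] pswd, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            ks.load(in, pswd);               // a wrong keystore password fails here (IOException)
        }
        List<String> aliases = Collections.list(ks.aliases());
        if (aliases.size() != 1)
            return "FAIL: expected exactly 1 alias, found " + aliases.size() + " " + aliases;
        String alias = aliases.get(0);
        if (!ks.isKeyEntry(alias))
            return "FAIL: alias '" + alias + "' is a trusted-certificate entry, not a private key";
        Key key;
        try {
            key = ks.getKey(alias, pswd);    // reuse the keystore password for the private key
        } catch (UnrecoverableKeyException e) {
            return "FAIL: private key password differs from the keystore password";
        }
        java.security.cert.Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0)
            return "FAIL: alias '" + alias + "' has no certificate chain";
        return "OK: alias '" + alias + "', " + key.getAlgorithm() + " key, chain length " + chain.length;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java KeystoreCheck <keystore> <password-file> [JKS|JCEKS|PKCS12]");
            System.exit(2);
        }
        // Assumption: the password file holds the password on a single line.
        char[] pswd = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.UTF_8)
                .trim().toCharArray();
        // With no explicit type, fall back to keystore.type from java.security.
        String type = args.length > 2 ? args[2] : KeyStore.getDefaultType();
        String result = check(args[0], pswd, type);
        Arrays.fill(pswd, '\0');             // wipe the password once the check is done
        System.out.println(result);
        System.exit(result.startsWith("OK") ? 0 : 1);
    }
}
```

The program never prints the password, and its exit status is 0 only when the keystore holds exactly one private-key alias whose key opens with the keystore password.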
JSSE Truststore
The truststore is used to store trusted CA certificates and is used when verifying the session peer's certificate.
There is one JSSE algorithm: SunX509. JORB SSLIOP selects the default algorithm that is configured using the $JREHOME/lib/security/java.security file and setting the ssl.TrustManagerFactory.algorithm entry to the selected keystore type. For