Summary

Configuring new SSL Certificates
How to configure SSL Certificates
Using SSL Certificates
Replacing demo certificates with secure certificates

Environment

Orbix 3.3
All supported platforms

Question/Problem Description

This article describes the configuration settings required to use SSL certificates in an Orbix 3.3 environment.

Resolution

The Orbix 3.3 SSL configuration settings can be found in the file:

<Orbix Home>/config/orbixssl.cfg

In particular, the following three configuration variables set the location of the new certificates and trusted CA list:

- IT_CERTIFICATE_PATH: Specifies the directory in which the certificate file is stored in the file system.
- IT_CERTIFICATE_FILE: Specifies the name of the server's certificate file.
- IT_CA_LIST_FILE: Specifies a list of CAs that the application should trust.

The above variables should be set inside the relevant scope for your application/service. The name of this scope can be set in the server application's code, using the operation "IT_SSL::initScope()".

We will now consider three different scenarios:

- Making Private Keys Available to Server applications
- Making a Private Key Available to Orbix servers
- Making a Private Key Available to the Orbix Daemon

Making Private Keys Available to Server applications

By default, Orbix SSL expects the private key associated with a certificate to be appended to the certificate file. That is, the private key should be stored in encrypted Privacy Enhanced Mail (PEM) format. Please see the Orbix SSL demonstration certificates for an example of certificates with appended private keys in this format.

Making a Private Key Available to Orbix Naming Service

The Orbix Naming Service requires that the private key associated with a certificate is available in a separate file. The private key can also be appended to the certificate file, but the Orbix Naming Service ignores this appended key.
The separate private key associated with the certificate is specified with the configuration variable "IT_PRIVATEKEY_FILE".

Making a Private Key Available to the Orbix Daemon

As with other processes, the certificate used by the Orbix Daemon is set using the configuration variable "IT_CERTIFICATE_FILE". The pass-phrase used by the Orbix Daemon for its certificate is set with the utility "update".

For example, on UNIX use the following command:

    update orbixd "passphrase" 0

On Windows, use the following command:

    update orbixd.exe "passphrase" 0
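Before pointing IT_CERTIFICATE_FILE at a replacement certificate, it helps to confirm that the file has the layout described above: a certificate followed by an appended, encrypted private key. The following check is an added example, not part of Orbix or of the original article; the function names and sample data are hypothetical, and it assumes standard PEM markers (a "Proc-Type: 4,ENCRYPTED" header or an "ENCRYPTED PRIVATE KEY" label) identify an encrypted key.

```python
import re

# A PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
ENCRYPTED_HEADER = re.compile(r"^Proc-Type:\s*4,\s*ENCRYPTED", re.MULTILINE)

def inspect_pem(text):
    """Count certificates, private keys and encrypted private keys in PEM text."""
    info = {"certificates": 0, "private_keys": 0, "encrypted_keys": 0}
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            info["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            info["private_keys"] += 1
            # PKCS#8 signals encryption in the label; traditional keys use a
            # "Proc-Type: 4,ENCRYPTED" header inside the block.
            if label == "ENCRYPTED PRIVATE KEY" or ENCRYPTED_HEADER.search(body):
                info["encrypted_keys"] += 1
    return info

def check_layout(text, separate_key_file=False):
    """Return problems found. separate_key_file=True models the Naming Service
    case, where the key comes from IT_PRIVATEKEY_FILE and an appended key is
    not required."""
    info = inspect_pem(text)
    problems = []
    if info["certificates"] == 0:
        problems.append("no certificate block")
    if info["private_keys"] == 0 and not separate_key_file:
        problems.append("no appended private key")
    if info["private_keys"] > info["encrypted_keys"]:
        problems.append("unencrypted private key")
    return problems

# Constructed sample input: the base64 bodies are placeholders, not real keys.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nQ09OU1RSVUNURUQ=\n"
           "-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, pem in [("cert+encrypted key", CERT_ONLY + ENC_KEY),
                      ("cert+plain key", CERT_ONLY + PLAIN_KEY),
                      ("cert only", CERT_ONLY)]:
        print(name, "->", check_layout(pem) or "ok")
```

The check only inspects PEM labels and headers; it does not validate the certificate chain or test the pass-phrase.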