Cisco Transport Manager Release 9.2 GateWay/CORBA User Guide and Programmer Manual
OL-20937-01
Appendix B Server Administration and Configuration
B.12 Configuring Secure Socket Layer for CTM GateWay/CORBA
To ensure network security, CORBA calls can be made over Secure Socket Layer (SSL).
The current JacORB implementation is precompiled with JacORB security libraries. To configure SSL
for CTM GateWay/CORBA, you must set up a keystore and configure the properties in the client-side
jacorb.properties file.
The client must enforce SSL by modifying the jacorb.properties file. The server-side keystore is
generated using the JSSE keystore. CTM bundles a default keystore and a certificate for the
CTM GateWay/CORBA service.
As explained in the following sections, you must generate the server-side certificate and add it to the
client-side keystore; then generate and add the client-side certificate to the server-side keystore.
B.12.1 Generating the Server-Side Certificate
Step 1 Enter the keytool command to generate a keystore and a key:
keytool -genkey -alias gwcorba_service -validity 25000 -keystore gwcorba_service_ks -storepass gwcorba_service_ks_pass -keypass gwcorba_service_ks_pass
What is your first and last name?
[Unknown]: gateway corba server
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]: cisco
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is <CN=gateway corba server, OU=Unknown, O=cisco, L=Unknown, ST=Unknown, C=Unknown> correct?
[no]: y
Step 2 Verify that the generated keystore and key have the following attributes:
Keystore name: gwcorba_service_ks
Alias: gwcorba_service
Keystore password: gwcorba_service_ks_pass
Key password: gwcorba_service_ks_pass
Validity: 25000 days
Step 3 Enter the following command to generate a server-side certificate that will be issued to the client:
keytool -export -keystore gwcorba_service_ks -alias gwcorba_service -storepass gwcorba_service_ks_pass -file gwcorba_service_cert
Certificate stored in file <gwcorba_service_cert>
Step 4 Verify that the certificate is stored in the gwcorba_service_cert file. The server-side certificate and
keystore are present in the /opt/CiscoTransportManagerServer/cfg directory.
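One way to script the checks in Step 2 and Step 4, as an added example that is not part of the Cisco guide: it reads the text printed by keytool -list -v and keytool -printcert and reports any mismatch in alias, validity period, or certificate fingerprint. The function names are hypothetical, the sample output is constructed, and the code assumes keytool's usual "Alias name", "Valid from ... until" and "SHA1" output lines.

```python
# Added example, not from the Cisco guide. Checks the Step 2 attributes and that
# the Step 3 export matches the keystore entry, using keytool's text output.
import re
from datetime import datetime

def parse_keytool(text):
    """Extract alias, SHA1 fingerprint and validity (days) from keytool output."""
    def field(label):
        m = re.search(r"^\s*%s:\s*(\S.*?)\s*$" % re.escape(label), text, re.M)
        return m.group(1) if m else None
    info = {"alias": field("Alias name"), "sha1": field("SHA1"), "days": None}
    # Dates print as "Fri Jan 01 00:00:00 UTC 2010"; the zone token is dropped so
    # parsing does not depend on the local zone, and rounding absorbs a DST hour.
    stamp = r"(\w{3} \w{3} \d{2} [\d:]{8}) \S+ (\d{4})"
    m = re.search(r"^Valid from: %s until: %s\s*$" % (stamp, stamp), text, re.M)
    if m:
        start, end = (datetime.strptime(m.group(i) + " " + m.group(i + 1),
                                        "%a %b %d %H:%M:%S %Y") for i in (1, 3))
        info["days"] = round((end - start).total_seconds() / 86400)
    return info

def audit(listing, printcert, alias="gwcorba_service", days=25000):
    """Return a list of problems; an empty list means the checks pass."""
    ks, cert = parse_keytool(listing), parse_keytool(printcert)
    problems = []
    if ks["alias"] != alias:
        problems.append("alias is %r, expected %r" % (ks["alias"], alias))
    if ks["days"] != days:
        problems.append("validity is %r days, expected %d" % (ks["days"], days))
    if not ks["sha1"] or ks["sha1"] != cert["sha1"]:
        problems.append("exported certificate does not match the keystore entry")
    return problems

# Constructed sample output (fingerprint is a placeholder, not a real digest).
CERT = """Owner: CN=gateway corba server, OU=Unknown, O=cisco, L=Unknown, ST=Unknown, C=Unknown
Valid from: Fri Jan 01 00:00:00 UTC 2010 until: Mon Jun 13 00:00:00 UTC 2078
Certificate fingerprints:
\t SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
"""
LISTING = "Alias name: gwcorba_service\nEntry type: PrivateKeyEntry\n" + CERT

if __name__ == "__main__":
    # On a real host, feed in the output of (flags as used in the steps above):
    #   keytool -list -v -keystore gwcorba_service_ks -alias gwcorba_service
    #   keytool -printcert -file gwcorba_service_cert
    print(audit(LISTING, CERT) or "keystore and exported certificate agree")
```

Comparing fingerprints confirms that the file handed to the client really is the certificate for the gwcorba_service key, which a file-exists check alone does not show.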