Communication Security
The client can connect to the server in secure mode. The connection
mode is determined by the secure flag specified when creating
the ServerContext.
A secure connection has the following characteristics:
- The server is authenticated. This means that if a client establishes
a connection to the host 'yourdomain.com', it is practically
impossible for an attacker to steal your server identity and accept client
connections in place of your legitimate server in order to steal passwords
and client information. Server authentication is accomplished using
public key cryptography. It is the administrator's responsibility to
install an SSL certificate on the server.
- The messages that are exchanged between the client and the server
are encrypted.
- A message digest is appended to each exchanged message. The message digest
is used to verify the integrity of the message, which prevents attackers
from sending false messages to either the client or the server.
In order to enable communication security it is enough to install a server certificate.
Request an SSL certificate from a Certificate Authority and import the certificate
into the Java keystore file
IRIS_HOME/server/security/PrivateKey.keystore
under the alias 'local'.
The password of the keystore must be 'password'. Use the Java keytool
command to import the certificate:
keytool -import -file certificate_file.cert -alias local -keypass password \
-keystore PrivateKey.keystore -storepass password
The server will look for the certificate at startup and enable communication security.
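A check worth running after the import, as an added example that is not part of the original documentation: the function below reads the output of keytool -list -v for the alias 'local' and confirms that the entry holds a private key and that its first certificate is CA-issued rather than self-signed. The function name check_local_entry and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Reads `keytool -list -v` output for one alias on stdin, prints a verdict,
# and returns 0 only when the entry can serve as the server certificate.
# Real use (file name, alias and password as given on this page):
#   keytool -list -v -alias local -keystore PrivateKey.keystore \
#           -storepass password | check_local_entry
check_local_entry() {
    awk '
        /^Entry type: /              { type = $3 }
        # The first Owner/Issuer pair belongs to the server (leaf) certificate.
        /^Owner: /  && owner  == ""  { owner  = substr($0, 8) }
        /^Issuer: / && issuer == ""  { issuer = substr($0, 9) }
        END {
            # keytool printed an error instead of an entry: alias not present.
            if (type == "")                { print "missing";        exit 2 }
            # Certificate was stored without a matching private key.
            if (type != "PrivateKeyEntry") { print "no-private-key"; exit 3 }
            # Key pair exists but a CA-issued certificate has not replaced
            # the self-signed one generated with it.
            if (owner == issuer)           { print "self-signed";    exit 4 }
            print "ok"
        }'
}

# Constructed sample: the listing produced when the certificate was imported
# into a keystore that had no key pair under the alias.
SAMPLE_TRUSTED='Alias name: local
Creation date: Jan 5, 2024
Entry type: trustedCertEntry

Owner: CN=yourdomain.com
Issuer: CN=Constructed Test CA'

printf '%s\n' "$SAMPLE_TRUSTED" | check_local_entry || echo "entry is not usable"
```

A verdict of no-private-key means keytool stored the file as a trusted certificate only, so the keystore has no key with which the server could prove its identity.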
The same server certificate will be used by the HTTPS service for creating SSL connections.
The HTTPS service is enabled by configuring the HTTPS port in the server configuration file
IRIS_HOME/server/cfg/config.properties.