Login
    Contenu x
    Securing Replication Connections With SSL
    • 06 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    Securing Replication Connections With SSL

    • Mis à jour le 06 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    You can enable SSL to protect replication connections. Enabling and configuring SSL for replication connections will require your server's SSL certificate and its corresponding private key password (if you set one).

    For more information about SSL certificates, see Encrypted communication.

    Before you begin

    To use SSL for replication connections you need the following:

    • The SSL certificate of the source server and its corresponding private key password (if you set one).
    • The SEAL SSL certification authority (CA) file of the destination server. This specific certification authority (CA) file is required since replication connections use the SEAL communicator module.
    • To grant write access to the certification authority (CA) file to the user vasco-ias and the group vasco, if you are using Linux.
    • The Configuration Utility installed.

    Configuring SSL for replication connections

    To enable and configure SSL for replication connections

    1. Launch the Configuration Utility.
    2. Click the Replication icon to switch to the Replication Settings.
    3. Switch to the Destination Servers tab.
    4. Select an existing destination server and click Edit or click Add to add a new server.
    5. Select the Use SSL checkbox to enable SSL.

    6. Configure SSL for all connections to the destination server:

      1. Click Browse (...) next to the SSL Certificate box and select the SSL server certificate of the source server.
      2. If required, type the password for the certificate file in the SSL Private Key Password box.

      3. Configure the SEAL certificate authority file of the destination server by doing one of the following:

        • Click Browse (...) next to the CA Certificate Store box and select the SEAL certification authority (CA) file of the destination server.

          By default, this file is named ikey_seal_serverca.pem.

        • Select the Automatically Trust Certificates checkbox to configure the server to automatically trust the specified destination server.

          If you select this option, you do not need to copy the SEAL certification authority (CA) file of the destination server to the source server, but specify an empty (local) file. Whenever the source server establishes a replication connection to the destination server, the source server retrieves the SEAL certification authority (CA) details from the destination server and stores them in the specified empty file.

          The Automatically Trust Certificates option does not disable certificate verification for replication connections. It only guarantees certificate verification by copying the necessary certificate details beforehand (during each connection).

    7. Click OK.
    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle