C.4. Using Unencrypted Connections to the SGD Array

By default, connections between the SGD Gateway and the SGD servers in the array are secured using Secure Sockets Layer (SSL). This means that AIP over SSL data uses TCP port 5307, and HTTPS data uses TCP port 443.

To use unencrypted connections between the SGD Gateway and the SGD servers in the array, see Section C.4.1, “Configuring the Gateway to Use Unencrypted Connections to the SGD Array”.

For unencrypted connections, AIP data uses TCP port 3144, and HTTP data uses TCP port 80.

C.4.1. Configuring the Gateway to Use Unencrypted Connections to the SGD Array

This procedure describes how to reconfigure a Gateway deployment to use unencrypted connections.

  1. Modify the Gateway configuration to use unencrypted connections to the SGD array.

    # gateway config create
    Note

    This command overwrites the current configuration of the Gateway.

    When prompted whether to secure the connections between the Gateway and the SGD servers in the array, enter n.

  2. Remove any previously registered SGD servers for the Gateway.

    # /opt/SUNWsgdg/bin/gateway server remove --server sgd.example.com        

    where sgd.example.com is the name of the SGD server.

    The CA certificate and SSL certificate for the SGD server are removed from the Gateway keystore.

  3. Ensure that the SGD servers in the array are configured to use standard, unencrypted connections.

    Run the following command on each SGD server in the array to turn off SGD security services.

    # tarantella security disable
  4. Register the SGD servers in the array with the Gateway.

    # /opt/SUNWsgdg/bin/gateway server add --server sgd.example.com \
    --certfile PeerCAcert.pem \
    --url http://sgd.example.com   

    This example adds the CA certificate PeerCAcert.pem to the SGD Gateway keystore, using the alias sgd.example.com. The URL of the SGD web server is http://sgd.example.com.

  5. Restart the Gateway.

    # /opt/SUNWsgdg/bin/gateway restart