Configuring SSL

During the installation, each application is configured to do the following:

• Support cipher suites that require server authentication.

• Do not require client authentication.

• Find the private key store in the N1SPS4.1-home/app/data/private.store file.

• Find the trust key store in the N1SPS4.1-home/app/data/trust.store file.

• Supply empty passwords for each key store.

You can change the SSL configuration of each application to perform the following security checks:

• Selectively enable cipher suites on each application.

  You can explicitly specify which cipher suites to enable. If unspecified, the reference implementation uses the cipher suites that are enabled by default. The default cipher suites enabled by the reference implementation require server authentication. For the list of supported cipher suites, see SSL Cipher Suites.

• Specify that the application authenticate the SSL clients connecting to it.

• Specify the location and password of the private key and trust stores.

To enable authentication, you must initialize the key stores after installation of the application.

How to Configure SSL

Step

1. Manually edit the config.properties file to change the SSL configuration.

   The following table lists the settings in the config.properties file that are related to SSL configurations. Change the parameters based on the type of SSL connectivity you want to use.

   Parameter	Default Value	Description
   net.ssl.cipher.suites	SSL_RSA_WITH_3DES_EDE_CBC_SHA	A comma separated list of SSL cipher suites to enable. For a list of supported SSL Cipher suite, see SSL Cipher Suites.
   net.ssl.client.auth	false	Specifies whether the SSL server should authenticate clients connecting to it.
   net.ssl.trust.store.path	N1SPS4.1–home/data/trust.store	The path to the trust key store. The key store that contains the public keys of the nodes that are allowed to connect to this node.
   net.ssl.private.store.path	N1SPS4.1–home/data/private.store	The path to the private key store. The key store that contains the public-private key pairs that this node uses to authenticate itself to other nodes.
   net.ssl.key.store.pass		The key store password.