How to Configure SSL Authentication Between a CLI Client and Master Server

Steps

1. Install the Master Server and the CLI Client and select SSL when the installation program prompts you to select a connection type. When prompted to select a cipher suite, select encryption with authentication.

2. Generate a key pair for the Master Server and store it in the private store for the Master Server.

   % server/bin/crkeys –private –generate –alias mshostname.cr.com –validity 365

3. Generate a key pair for the CLI Client and store it in the private store for the CLI Client.

   % cli/bin/crkeys -private -generate -alias clihostname.cr.com.cr.com -validity 365

4. Export the self-signed certificate from the private store for Master Server private store into a file.

   % server/bin/crkeys –private –export –file ms.cert –alias mshostname.cr.com

5. Copy the Master Server self-signed certificate to the CLI Client.

6. Import the self-signed certificate into CLI Client trust store.

   % cli/bin/crkeys –trust –import –file ms.cert –alias mshostname.cr.com

7. Export the self-signed certificate from the private store for CLI Client into a file.

   % cli/bin/crkeys -private -export -file cli.cert -alias clihostname.cr.com

8. Copy the CLI Client self-signed certificate to the Master Server.

9. Import the self-signed certificate into the Master Server trust store.

   % server/bin/crkeys -trust -import -file cli.cert -alias clihostname.cr.com

10. If the Master Server is running, stop the Master Server.

11. Start the Master Server.

12. Provide the key store password for the Master Server.

13. On the CLI Client, edit the config.properties file to include the following line.

    net.ssl.key.store.pass=trust-store-password

14. Run a CLI Client command to verify the connection.