During the installation, each application is configured to do the following:
- Support cipher suites that require server authentication.
- Do not require client authentication.
- Find the private keystore in the N1SPS5.2-home/app/data/private.store file.
- Find the trust keystore in the N1SPS5.2-home/app/data/trust.store file.
- Supply empty passwords for each keystore.
You can change the SSL configuration of each application to perform the following security checks:
- Selectively enable cipher suites on each application

  You can explicitly specify which cipher suites to enable. If unspecified, the reference implementation uses the cipher suites that are enabled by default. The default cipher suites enabled by the reference implementation require server authentication. For the list of supported cipher suites, see SSL Cipher Suites.
- Specify that the application authenticates the SSL clients that are connecting to it
- Specify the location and password of the private and trust keystores
To enable authentication, you must initialize the keystores after installation of the application.
(Optional) Manually edit the config.properties file to change the SSL configuration.
The following table lists the settings in the config.properties file that are related to SSL configurations. Change the parameters based on the type of SSL connectivity you want to use.
Parameter | Default Value | Description |
---|---|---|
net.ssl.cipher.suites | SSL_RSA_WITH_3DES_EDE_CBC_SHA | A comma-separated list of SSL cipher suites to enable. For a list of supported SSL cipher suites, see SSL Cipher Suites. |
net.ssl.client.auth | false | Specifies whether the SSL server should authenticate clients that are connecting to it. |
net.ssl.key.store.pass | | The keystore password. Required in some instances. See the following for more information. |
The net.ssl.key.store.pass parameter specifies the SSL keystore password for a Sun N1 Service Provisioning System 5.2 application. Use this parameter when you configure an application with SSL keystores and you do not want to be prompted for the keystore passwords when you start the application. You must specify this parameter in the following instances:
- When you set up the Sun N1 Service Provisioning System applications to start automatically when the system boots
- On Windows servers, Sun N1 Service Provisioning System applications do not prompt for keystore passwords, so this parameter must be specified for any applications configured to use SSL on Windows servers.
- The CLI application does not prompt for keystore passwords, so this parameter must be specified for any CLI Clients that you configure to use SSL.
- If a Local Distributor is connected to its parent through an SSH connection, the Local Distributor cannot prompt for passwords.
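
An added example, not part of the original documentation or the product: a small audit of the three SSL parameters in the table above. It flags cipher suites that skip server authentication or encryption, disabled client authentication, and a keystore password stored in a file that other accounts can read. The function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import stat

def parse_properties(text):
    """Minimal parser for key=value lines; skips blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_ssl_config(text, file_mode=None):
    """Return a list of findings for the SSL settings in config.properties."""
    props = parse_properties(text)
    findings = []
    for suite in props.get("net.ssl.cipher.suites", "").split(","):
        suite = suite.strip()
        if "_anon_" in suite:   # anonymous key exchange: server is not authenticated
            findings.append(f"{suite}: anonymous suite, no server authentication")
        if "_NULL_" in suite:   # NULL cipher: traffic is not encrypted
            findings.append(f"{suite}: NULL suite, no encryption")
    if props.get("net.ssl.client.auth", "false").lower() != "true":
        findings.append("net.ssl.client.auth is not true: SSL clients are not authenticated")
    # POSIX permission bits only; on Windows servers review the file ACL instead.
    readable = file_mode is not None and bool(file_mode & (stat.S_IRGRP | stat.S_IROTH))
    if props.get("net.ssl.key.store.pass") and readable:
        findings.append("net.ssl.key.store.pass is set and the file is readable by group or others")
    return findings

def audit_file(path):
    """Audit a config.properties on disk, including its permission bits."""
    with open(path, encoding="latin-1") as fh:
        return audit_ssl_config(fh.read(), os.stat(path).st_mode)

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
net.ssl.cipher.suites=SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
net.ssl.client.auth=false
net.ssl.key.store.pass=example-password
"""

if __name__ == "__main__":
    for finding in audit_ssl_config(SAMPLE, file_mode=0o644):
        print("WARN", finding)
```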