ROSS RepliWeb Operations Suite for SharePoint. SSL User Guide


Software Version 2.5
March 18, 2010

RepliWeb, Inc., 6441 Lyons Road, Coconut Creek, FL 33073
Tel: (954) 946-2274, Fax: (954) 337-6424
E-mail: info@repliweb.com, Support: http://support.repliweb.com

Copyright 2009 RepliWeb Inc., All Rights Reserved

The information in this manual has been compiled with care, but RepliWeb, Inc. makes no warranties as to its accuracy or completeness. The software described herein may be changed or enhanced from time to time. This information does not constitute a commitment or representation by RepliWeb and is subject to change without notice. The software described in this document is furnished under license and may be used and/or copied only in accordance with the terms of this license and the End User License Agreement. No part of this manual may be reproduced or transmitted, in any form, by any means (electronic, photocopying, recording or otherwise) without the express written consent of RepliWeb, Inc.

Windows, Windows XP and Windows Vista are trademarks of Microsoft Corporation in the US and/or other countries. Any other product or company names referred to in this document may be the trademarks of their respective owners.

Please direct correspondence or inquiries to:
RepliWeb, Inc.
6441 Lyons Road
Coconut Creek, Florida 33073 USA
Telephone: (954) 946-2274
Fax: (954) 337-6424
Sales & General Information: info@repliweb.com
Documentation: docs@repliweb.com
Technical Support: http://support.repliweb.com
Website: http://www.repliweb.com

Table of Contents
1. Overview
2. SSL Introduction
   Confidentiality
   Integrity
   Authentication
3. SSL Terminology
   Public Key Cryptography
   Digital Certificates
   Certificate Authority
   SSL Handshake
4. SSL in ROSS
   GUI
   CLI
   Using ROSS Defaults
5. Common SSL Configurations
   Center Authenticating the Console
      Console Authentication
   Mutual Center-Edge Authentication
      Center (Client) Settings
      Edge (Server) Settings
   Center Authenticating the Consoles and Edges
      Console-Center Communication
      Center-Edge Communication
6. Multiple Trusted Certificate Authorities
   Using a Multiple Approved CA File

1. Overview

ROSS offers the following SSL features:
- Three levels of certificate authentication: Certificate level, Common Name, None
- A choice of strong encryption ciphers
- Private key-phrase protection

SSL communication is supported both for Console-Center communication and Center-Edge communication.

In a typical SSL session, the Server presents its digital certificate to the Client and the Client, in turn, presents the Server with its own digital certificate. To successfully negotiate an SSL connection, the Client and the Server must authenticate each other. This type of authentication is referred to as mutual authentication. Both the Client and the Server are required to have digital certificates from trusted certificate authorities. When using mutual authentication, both the Server and the Client need private keys and digital certificates that represent their identity. This type of authentication restricts access to trusted clients only.

Figure 1: SSL Topology

Using ROSS for Console-Center communication with SSL, the Console is the Client and the Center is the Server. For Center-Edge SSL communication (during a replication process), the Center is the Client and the Edge is the Server.

NOTE: When using an SSL connection for both Console-Center and Center-Edge, the Center needs to be configured twice: once as an SSL Server and once as an SSL Client.

2. SSL Introduction

The ROSS SSL protocol protects your data from tampering and provides the following security features:
- Confidentiality
- Integrity
- Authentication

Confidentiality
Confidentiality is the ability to keep communications secret from parties other than the intended recipient. It is achieved by encrypting data with strong algorithms. The SSL protocol provides a secure mechanism that enables two communicating parties to negotiate the strongest algorithm they both support and to agree on the key with which to encrypt the data.

Integrity
Integrity is a guarantee that the data being transferred has not been modified in transit. The same handshake mechanism, which allows the two parties to agree on algorithms and keys, also allows the two ends of an SSL connection to establish shared data integrity secrets, which are used to ensure that when data is received any modifications will be detected.

Authentication
Authentication is the ability to ascertain with whom you are speaking. By using digital certificates and public key security, ROSS client and server applications can each be authenticated to the other. This allows the two parties to be certain they are communicating with someone they trust.

The SSL protocol provides secure connections by allowing two applications connecting over a network connection to authenticate the other's identity and by encrypting the data exchanged between the applications. When using the SSL protocol, the target always authenticates itself to the initiator. Encryption makes data transmitted over the network intelligible only to the intended recipient. An SSL connection begins with a handshake during which the applications exchange digital certificates, agree on the encryption algorithms to use, and generate encryption keys used for the remainder of the session. The SSL protocol uses public key encryption for authentication.

3. SSL Terminology

The following terms and concepts are used in this document.

Public Key Cryptography
Public-key cryptography, also known as asymmetric cryptography, uses a pair of keys that work together to fulfill one or both of the following functions:
- Encrypt and decrypt information
- Sign and verify digital signatures

One key is freely distributed (the public key) while the other key (the private key) is kept secret. The sender uses the recipient's public key to encrypt messages to the recipient. The recipient uses his or her private key to decrypt messages from the sender. Similarly, the sender may use his or her private key to create a digital signature. The recipient uses the sender's public key to verify the authenticity of the sender's signature. The private key will only work with its corresponding public key.

Digital Certificates
Digital certificates are electronic documents used to uniquely identify entities over networks such as the Internet. A digital certificate securely binds the client/server identity, as verified by a trusted third party known as a certificate authority (CA), to a particular public key. The combination of the public key and the private key provides a unique identity to the owner of the digital certificate.

Digital certificates provide confirmation that a specific public key does in fact belong to the sender. A recipient of a digital certificate can use the public key contained in the digital certificate to verify that a digital signature was created with the corresponding private key. If the verification is successful, the recipient can be certain that the corresponding private key belongs to the subject named in the digital certificate, and that the digital signature was created by that particular subject.

A digital certificate typically includes a variety of information, such as:
- The name of the subject (holder, owner) and other identification information required to identify the subject, such as the hostname of the node using the digital certificate (in the Common Name field), or an individual's email address.
- The subject's public key.
- The name of the certificate authority that issued the digital certificate.
- A serial number.
- The validity period of the digital certificate (defined by a start date and an end date).

Certificate Authority
Digital certificates are issued by a Certificate Authority (CA). Any trusted third-party organization or company that is willing to vouch for the identities of those to whom it issues digital certificates and public keys can be a certificate authority. When a certificate authority creates a digital certificate, the certificate authority signs it with its private key, to ensure the detection of tampering. The certificate authority then returns the signed digital certificate to the requesting subject. The subject can verify the digital signature of the issuing certificate authority by using the public key of the certificate authority. The certificate authority makes its public key available by providing a digital certificate issued from a higher-level certificate authority attesting to the validity of the public key of the lower-level certificate authority. Thus, digital signatures establish the identities of communicating entities, but a digital signature can be trusted only to the extent that the public key for verifying the digital signature can be trusted.

SSL Handshake
The SSL handshake establishes the encrypted connection. This is accomplished in part by mutual authentication, whereby the client authenticates itself to the server and the server authenticates itself to the client. Authentication involves digital certificates, which employ public-key encryption techniques. During the SSL handshake, the server and client exchange a symmetric session key. The session key itself is encrypted using public-key techniques, so only the intended recipient can decrypt it.

4. SSL in ROSS

ROSS uses OpenSSL to enable Encryption and Authentication for:
- Console-Center communication: effective for ROSS Console-Center, RTM Console-RTM Organizer and RTM Console-RTM Host.
- Center-Edge communication: effective for LFA transfer replication and distribution jobs.

SSL sessions can be configured using the RTM GUI, or Manage / Center and Manage / Console SSL Settings in the Console GUI.

NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console on each of the Centers and Edges, and not over the network.

GUI

NOTE: Only users with Administrative Group Privileges on the Center may configure SSL settings.

To access the SSL window: From the ROSS Console GUI, select Manage / Center / SSL.

Figure 2: SSL Configuration

NOTE: Use the default certificate and key provided with ROSS to configure and test SSL communication. However, for a production environment, it is recommended to use certificates provided by a Certificate Authority (CA).

Internal Tabs
Select one of the four end-points to configure.
- Console (Client): Configure the Client in a Console-Center communication.
- Center / RTM Organizer / RTM Host (Server): Configure the Server in a Console-Center communication.
- Center (Client): Configure the Client in a Center-Edge replication process communication.
- Edge (Server): Configure the Server in a Center-Edge replication process communication.

Local Certificate
Specify how the machine being configured introduces itself in the Authentication stage.
- Use Alternate Files: Specify the Certificate and Key file names to be used. If unselected, the default certificate, private key and private key phrase will be used. If selected, the following will be used:
  - Certificate: Specify the full path to the certificate file identifying this machine.
  - Private Key: Specify the full path to the private key file.
  - Private Key Phrase: Specify the password needed to read the private key file. The key phrase is kept encrypted and hidden.

NOTE: The Private Key Phrase is kept encrypted for each Windows Login user separately.

Other Side Authentication
Specify how the machine being configured verifies the other side in the Authentication stage.
- Authenticate Using: Select the authentication type that will take place:
  - Certificate: Authenticate the other end using a certificate.
  - Certificate + Name: Authenticate the other end using a certificate and the Common Name written in the certificate.
  - Server / Client Common Name: When using authentication by name, this name will be expected in the other end's certificate.
  - None: Do not authenticate the other end. The SSL session will use encryption but not authentication. This option is only available in Console-Center communication.

NOTE: When authenticating the other side using Certificate or Certificate + Name, the other side has to have the Local Certificate / Use Files option selected.

- Use Approved CA: If unselected, the default trusted CA certificate provided with ROSS will be used. If selected, the following will be used:
  - CA File: Specify the full path to a file containing the trusted certificate authorities' certificates.
  - CA Dir: Specify the full path to a directory containing trusted certificate authority files.

Encryption
Select the encryption type to use during the SSL session:
- DES: DES (Data Encryption Standard) applies a 56-bit key to each 64-bit block of data.
- 3DES: Triple DES.
- RC2: RC2 (Rivest's Cipher 2) is a variable key-size block cipher.
- RC4: RC4 is a variable key-size block cipher with a key size range of 40 to 128 bits. It is faster than DES and is exportable with a key size of 40 bits.
- Use Server Defaults: The encryption type is selected by the server automatically.

NOTE: Encryption can be set on the Client side only.
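As an added illustration (not ROSS code), the following Python maps the SSL tab options above onto the equivalent settings of Python's ssl module, so the effect of each choice is visible: None gives encryption without peer authentication and is refused outside Console-Center links, Encryption is accepted on the Client only, and the Common Name comparison is exact and case sensitive. File and directory paths are placeholders supplied by the caller; cipher_available is there because the DES, RC2 and RC4 choices are legacy ciphers that current OpenSSL builds generally no longer offer.

```python
"""Added illustration (not ROSS code): the SSL tab's 'Other Side Authentication'
and 'Encryption' options expressed as Python ssl.SSLContext settings."""
import ssl

AUTH_MODES = ("Certificate", "Certificate + Name", "None")


def build_context(role, authenticate_using, link, ca_file=None, ca_dir=None,
                  cert_file=None, key_file=None, key_phrase=None, ciphers=None):
    """Build the context for one end-point of a ROSS-style SSL session.

    role               "client" (Console, or Center talking to an Edge) or "server"
    authenticate_using one of AUTH_MODES, as shown on the SSL tab
    link               "console-center" or "center-edge"
    ca_file / ca_dir   the 'Use Approved CA' file or directory (assumed paths)
    cert_file, key_file, key_phrase  'Use Alternate Files' and 'Private Key Phrase'
    ciphers            the 'Encryption' choice as an OpenSSL cipher string
    """
    if authenticate_using not in AUTH_MODES:
        raise ValueError(f"unknown authentication type: {authenticate_using!r}")
    if authenticate_using == "None" and link != "console-center":
        # The guide offers encryption-only sessions for Console-Center links only.
        raise ValueError("'None' is only available in Console-Center communication")
    if ciphers and role == "server":
        # "Encryption can be set on the Client side only"; the server keeps defaults.
        raise ValueError("Encryption is chosen on the Client side only")

    purpose = ssl.Purpose.SERVER_AUTH if role == "client" else ssl.Purpose.CLIENT_AUTH
    ctx = ssl.create_default_context(purpose)
    # ROSS compares the peer's Common Name with a configured name, not with the
    # host name that was dialled, so that comparison happens after the handshake
    # (see peer_name_ok) rather than through check_hostname.
    ctx.check_hostname = False

    if authenticate_using == "None":
        ctx.verify_mode = ssl.CERT_NONE        # encrypted, but the peer stays anonymous
    else:
        ctx.verify_mode = ssl.CERT_REQUIRED    # the peer must present a chain we trust
        if ca_file is None and ca_dir is None:
            # ROSS would fall back to its default trusted_ca_cert.pem; this
            # illustration has no such default, so a CA location is mandatory.
            raise ValueError("Use Approved CA: a CA file or directory is required")
        ctx.load_verify_locations(cafile=ca_file, capath=ca_dir)

    if cert_file:
        # 'Use Alternate Files': present our own certificate; the key phrase is
        # the passphrase that unlocks the private key file.
        ctx.load_cert_chain(cert_file, key_file, password=key_phrase)
    if ciphers:
        ctx.set_ciphers(ciphers)
    return ctx


def describe(ctx):
    """Summarise what a context will demand of its peer."""
    required = ctx.verify_mode == ssl.CERT_REQUIRED
    return {"peer_certificate": "required" if required else "not checked",
            "hostname_check": ctx.check_hostname}


def peer_name_ok(peer_cert, expected_cn):
    """The 'Certificate + Name' step: after the handshake, compare the peer's
    Common Name (dict shape of SSLSocket.getpeercert()) with the configured
    Server / Client Common Name. Exact match, case sensitive, as the guide says."""
    for rdn in peer_cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value == expected_cn
    return False


def cipher_available(cipher_string):
    """True if the local OpenSSL can offer the cipher string. The DES, RC2 and
    RC4 choices on the SSL tab are legacy ciphers that current OpenSSL builds
    leave out, so a client that insists on them cannot negotiate a session."""
    try:
        ssl.create_default_context().set_ciphers(cipher_string)
        return True
    except ssl.SSLError:
        return False
```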

CLI

Using the CLI, use the appropriate qualifier to specify SSL usage:
- Console-Center communication: the -center_ssl / -nocenter_ssl qualifier. Specifies to ROSS that all communication to the Center will be over SSL.
- Center-Edge communication (effective for transfer, replication and distribution jobs): the -ssl / -nossl qualifier in the submit command. Specifies to ROSS that all communication with the Edges will be over SSL.

NOTE: The CLI cannot be used to set SSL properties. This can only be performed using the GUI.

Using ROSS Defaults

Sample key files and certificates are located in the following default directory: ~\RepliWeb\RDS\Config\SSL

The files are:
   Client certificate                   rds_client_cert.pem
   Client private key file              rds_client_key.pem
   Server certificate                   rds_server_cert.pem
   Server private key file              rds_server_key.pem
   Trusted CA (RepliWeb) certificate    trusted_ca_cert.pem

Key Phrases for the default private keys are:
   Client private key phrase            rdsclient
   Server private key phrase            rdsserver

Common Names:
   Client Common Name                   RDSClient
   Server Common Name                   RDSServer

The default Certificates directory is located in: ~\RepliWeb\RDS\Config\SSL\Cert
These directories may be used with the Multiple Approved CA Path option. They contain the files required for this option.

NOTE: Key Phrases and Common Names are case sensitive.

5. Common SSL Configurations

This chapter explains in detail what properties need to be set for common SSL configurations.

Center Authenticating the Console
In this configuration, the Center authenticates all Consoles connecting to it.

Figure 3: Center Authenticating Console & Edges

The configuration steps are as follows:
1. Set the Console and Center SSL for Console Authentication.
2. Test the Console connection using SSL by opening the Console GUI and connecting to the Center.

Console Authentication
Set the Console and Center SSL for Console Authentication, and then verify the settings by connecting to the Center using the Console GUI.

Console (Client) Settings
1. On the Console machine, create a directory to include the following files:
   - Certificate file identifying the Console (Client).
   - Private Key file that matches the Certificate file.
2. Using the Console GUI, select the option Manage / Console SSL Settings. This option can be performed while the Console is not connected to any Center (offline). If connected to a Center, using the Console GUI, select the option Manage / Center / SSL tab:
   - To configure the machine the Console is currently running on: connect to localhost.
   - To configure a remote Console: connect to the remote Center on that machine.
   Local Certificate: the Console (Client) will be authenticated using the following:
   - Select Use Alternate Files.
   - Browse to the client Certificate and Private Key files copied earlier.
   - Enter the Private Key Phrase. Using the default ROSS files, the key phrase is: rdsclient
   Other Side Authentication: the Console is not authenticating the Center, hence the fields are left blank.
   - Authenticate Using: None
   - Leave Use Approved CA unselected.
   Encryption: select any value.
3. Click Save.

Center / RTM Organizer / Host (Server) Settings
NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console on the Center, and not over the network.
1. On the Center machine, create a directory which would include the following file:
   - Trusted Certificate Authority file.
2. Using the Console GUI, connect to the Center, and select the menu option Manage / Center / SSL Tab.
3. Select the Center / RTM Organizer / Host (Server) sub-tab.
   Local Certificate: the Center is not being authenticated, hence the Center Authentication fields are left blank.
   - Leave Use Alternate Files unselected.
   Other Side Authentication: the Console (Client) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Client Common Name. Using the default ROSS files, the Client Common Name is: RDSClient
   - Select Use Approved CA: browse to the Trusted CA file.
4. Click Save.

Testing Console-Center Communication
Test the SSL settings defined so far. Using the Console GUI, connect to the Center using SSL.

Figure 4: Connecting using SSL

When the connection is approved and the main Console window is opened, the SSL lock is displayed in the Center Status bar at the bottom of the screen.

Figure 5: Console Connected with SSL

Mutual Center-Edge Authentication
In this configuration, the Center and Edge authenticate each other during Replication and Distribution jobs.

Figure 6: Mutual Authentication

The configuration steps are as follows:
1. Set the Center SSL for Edge Authentication.
2. Set the Edge SSL for Center Authentication.
3. Test the Center-Edge communication using SSL by running a ROSS job.

Center (Client) Settings
NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console on the Centers, and not over the network.
1. On the Center machine, create a directory which would include the following files:
   - Trusted Certificate Authority file.
   - Certificate file identifying the Center (Client).
   - Private Key file that matches the Certificate file.
2. Using the Console GUI, connect to the Center, and select the menu option Manage / Center / SSL Tab.
3. Select the Center (Client) sub-tab.
   Local Certificate: the Center (Client) will be authenticated using the following:
   - Select Use Alternate Files.
   - Browse to the client Certificate and Private Key files copied earlier.
   - Enter the Private Key Phrase. Using the default ROSS files, the key phrase is: rdsclient
   Other Side Authentication: the Edge (Server) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Server Common Name. Using the default ROSS files, the Server Common Name is: RDSServer
   - Select Use Approved CA: browse to the Trusted CA file.
   Encryption: select any value.
4. Click Save.

Edge (Server) Settings
NOTE: On an Edge-only machine, only the RTM Console can be used to manage SSL settings for that Edge. If the Edge machine also has the Center component installed, then SSL settings for that Edge can be performed through the ROSS Console GUI connected to the Center.
NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console GUI on the Edge (the RTM Console), and not over the network.
1. On the Edge machine, create a directory which would include the following files:
   - Trusted Certificate Authority file.
   - Certificate file identifying the Edge (Server).
   - Private Key file that matches the Certificate file.
2. Using the RTM Console, select the Edge and click the Manage menu option.
3. Select the Edge (Server) sub-tab.
   Local Certificate: the Edge (Server) will be authenticated using the following:
   - Select Use Files.
   - Browse to the server Certificate and Private Key files copied earlier.
   - Enter the Private Key Phrase. Using the default ROSS files, the key phrase is: rdsserver
   Other Side Authentication: the Center (Client) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Client Common Name. Using the default ROSS files, the Client Common Name is: RDSClient
   - Select Use Approved CA: browse to the Trusted CA file.
4. Click Save.

Testing Center-Edge Communication
Test the SSL settings defined so far.
1. Using the Console GUI, connect to the Center.
2. Define an Upload job from the Center to the Edge.
3. In the Performance tab, check the Use SSL option. Make sure the job actually transfers data.

Figure 7: Job Definition with SSL

The General Report should indicate that SSL was used during the transfer stage:
12:27:18 Starting files transfer to target
Using LFA Transfer Engine
Using SSL authentication and encryption

Center Authenticating the Consoles and Edges
In this configuration the Center authenticates all Consoles and all Edges connecting to it, and the Consoles and Edges authenticate the Center. The Center plays a dual role here: once as a Server (in a Console-Center communication), and once as a Client (in a Center-Edge communication).

Figure 8: Center Authenticating Console & Edges; Console & Edges Authenticating the Center

The configuration steps are as follows:
1. Set the Console and Center SSL for Console-Center Authentication.
2. Test the Console connection using SSL by opening the Console GUI and connecting to the Center.

Console-Center Communication
Set the Console and Center SSL properties, and then verify the settings by connecting to the Center using the Console GUI.

Console Settings (Client)
1. On the Console machine, create a directory which would include the following files:
   - Trusted Certificate Authority file.
   - Certificate file identifying the Console (Client).
   - Private Key file that matches the Certificate file.
2. Using the Console GUI, select the menu option Manage / Console SSL Settings. This option can be performed while the Console is not connected to any Center (offline). If connected to a Center, using the Console GUI, select the menu option Manage / Center / SSL tab:
   - To configure the machine the Console is currently running on: connect to localhost.
   - To configure a remote Console: connect to the remote Center on that machine.
   Local Certificate: the Console (Client) will be authenticated using the following:
   - Select Use Files.
   - Browse to the client Certificate and Private Key files copied earlier.
   - Enter the Private Key Phrase. Using the default ROSS files, the key phrase is: rdsclient
   Other Side Authentication: the Center (Server) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Server Common Name. Using the default ROSS files, the Server Common Name is: RDSServer
   - Select Use Approved CA: browse to the Trusted CA file.
   Encryption: select any value.
3. Click Save.

Center Settings (Server)
NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console on the Center, and not over the network.
1. On the Center machine, create a directory which would include the following files:
   - Trusted Certificate Authority file.
   - Certificate file identifying the Center (Server).
   - Private Key file that matches the Certificate file.
2. Using the Console GUI, connect to the Center, and select the option Manage / Center / SSL Tab.
3. Select the Center (Server) sub-tab.
   Local Certificate: leave Use Files unselected; the default ROSS server certificate, private key and key phrase are then used to introduce the Center.
   Other Side Authentication: the Console (Client) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Client Common Name. Using the default ROSS files, the Client Common Name is: RDSClient
   - Select Use Approved CA: browse to the Trusted CA file.
4. Click Save.

Testing Console-Center Communication
Test the SSL settings defined so far. Using the Console GUI, connect to the Center using SSL.

Figure 9: Connecting using SSL

When the connection is approved and the main Console window is opened, the SSL lock is displayed in the Center Status bar at the bottom of the screen.

Figure 10: Console Connected with SSL

Center-Edge Communication
Set the Center and Edge SSL properties, and then verify the settings by running a replication job from the Center to the Edge using the LFA Transfer Engine with SSL.

Center Settings (Client)
NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console on the Centers, and not over the network.
1. On the Center machine, create a directory which would include the following files:
   - Trusted Certificate Authority file.
   - Certificate file identifying the Center (Client).
   - Private Key file that matches the Certificate file.
2. Using the Console GUI, connect to the Center, and select the menu option Manage / Center / SSL Tab.
3. Select the Center (Client) sub-tab.
   Local Certificate: the Center (Client) will be authenticated using the following:
   - Select Use Files.
   - Browse to the client Certificate and Private Key files copied earlier.
   - Enter the Private Key Phrase. Using the default ROSS files, the key phrase is: rdsclient
   Other Side Authentication: the Edge (Server) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Server Common Name. Using the default ROSS files, the Server Common Name is: RDSServer
   - Select Use Approved CA: browse to the Trusted CA file.
   Encryption: select any value.
4. Click Save.

Edge Settings (Server)
NOTE: On an Edge-only machine, only the RTM Console can be used to manage SSL settings for that Edge. If the Edge machine also has the Center component installed, then SSL settings for that Edge can be performed through the ROSS Console GUI connected to the Center.
NOTE: For maximal data-security, although the key-phrase is encrypted at all times, it is recommended to set the SSL configuration using a local Console GUI on the Edge (the RTM Console), and not over the network.
1. On the Edge machine, create a directory which would include the following files:
   - Trusted Certificate Authority file.
   - Certificate file identifying the Edge (Server).
   - Private Key file that matches the Certificate file.
2. Using the RTM Console, select the Edge and click the Manage menu option.
3. Select the Edge (Server) sub-tab.
   Local Certificate: the Edge (Server) will be authenticated using the following:
   - Select Use Files.
   - Browse to the server Certificate and Private Key files copied earlier.
   - Enter the Private Key Phrase. Using the default ROSS files, the key phrase is: rdsserver
   Other Side Authentication: the Center (Client) will be authenticated using the following:
   - Authenticate Using: Certificate + Name
   - Enter the Client Common Name. Using the default ROSS files, the Client Common Name is: RDSClient
   - Select Use Approved CA: browse to the Trusted CA file.
4. Click Save.

Testing Center-Edge Communication
Test the SSL settings defined so far.
1. Using the Console GUI, connect to the Center.
2. Define an Upload job from the Center to the Edge.
3. In the Performance tab, check the Use SSL option. Make sure the job actually transfers data.

Figure 11: Job Definition with SSL

The General Report should indicate that SSL was used during the transfer stage:
12:27:18 Starting files transfer to target
Using LFA Transfer Engine
Using SSL authentication and encryption

6. Multiple Trusted Certificate Authorities

Installing a trusted CA (Certificate Authority) certificate on a system means that the system now completely trusts that CA in terms of authentication. If there are multiple authorities to trust, all of their certificates should be stored in one place: either append all authority certificates to a single file, one after the other, or put one certificate per file in a single directory. OpenSSL will search the multiple certificates to verify that the currently used authority exists, and therefore can be trusted.

A typical certificate looks like:
-----BEGIN CERTIFICATE-----
MIICgTCCAeCAQAwDQYJKZIhvcNAQEEBQAwgYgxCzAJBgNVBAYTAklMMQ8wDQYD
...
gdxenh1kxr5o7xb1+d5jbjzypgve
-----END CERTIFICATE-----

Using a Multiple Approved CA File
You can store multiple approved CA certificates in a single file.
1. Using a text editor, append all certificates into one file. Make sure that each certificate is copied in full, including the lines:
   -----BEGIN CERTIFICATE-----
   -----END CERTIFICATE-----
2. Using the ROSS Console, in the Manage / SSL tab of the configured component:
   - Select Use Approved CA.
   - Select the File option.
   - Browse to the file containing all certificates.
   - Click Save.

NOTE: Whenever a certificate changes, or is replaced, the trusted CA file has to be updated.

For any additional information, contact us at support.repliweb.com
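The bundle check below is an added example, not RepliWeb code: it splits an approved-CA file into its certificates, reports any block that is missing its END line or has lost lines (a certificate whose DER length no longer matches what was decoded), and reads each certificate's subject Common Name for the exact, case-sensitive Certificate + Name comparison described in chapters 4 and 5. The sample certificates are constructed, unsigned stand-ins built inside the block with the real X.509 field order; only the Python standard library is used.

```python
"""Added example: validate a concatenated approved-CA PEM file and read each
certificate's subject Common Name. Sample certificates are constructed stand-ins."""
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
OID_COMMON_NAME = bytes.fromhex("550403")   # id-at-commonName, 2.5.4.3


def _read_tlv(buf, pos):
    """Decode one DER tag-length header; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(value):
    """Yield (tag, value_bytes) for each element of a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, start, end = _read_tlv(value, pos)
        yield tag, value[start:end]
        pos = end


def _complete_sequence(der):
    """True if der is exactly one DER SEQUENCE whose declared length fits the data."""
    try:
        return len(der) >= 2 and der[0] == 0x30 and _read_tlv(der, 0)[2] == len(der)
    except IndexError:
        return False


def split_pem_bundle(text):
    """Return (certificates, problems): DER bytes of every complete certificate
    in the bundle, plus a description of every damaged block (1-based lines)."""
    certs, problems, lines, i = [], [], text.splitlines(), 0
    while i < len(lines):
        if lines[i].strip() != BEGIN:
            i += 1
            continue
        j = i + 1
        while j < len(lines) and lines[j].strip() not in (BEGIN, END):
            j += 1
        if j == len(lines) or lines[j].strip() == BEGIN:
            problems.append(f"block at line {i + 1}: missing END line")
            i = j                            # a following BEGIN is examined next
            continue
        try:
            der = base64.b64decode("".join(s.strip() for s in lines[i + 1:j]), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"block at line {i + 1}: body is not valid base64")
        else:
            if _complete_sequence(der):
                certs.append(der)
            else:                            # lines lost from the middle of a block
                problems.append(f"block at line {i + 1}: truncated certificate")
        i = j + 1
    return certs, problems


def subject_common_name(der):
    """Walk Certificate -> tbsCertificate -> subject and return its CN, if any."""
    _, start, end = _read_tlv(der, 0)
    tbs = next(_children(der[start:end]))[1]
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:                 # optional [0] EXPLICIT version
        fields = fields[1:]
    subject = fields[4][1]                   # serial, sigAlg, issuer, validity, subject
    for _, rdn in _children(subject):        # each RDN is a SET of AttributeTypeAndValue
        for _, atv in _children(rdn):
            (_, oid), (_, value) = _children(atv)
            if oid == OID_COMMON_NAME:
                return value.decode("utf-8")
    return None


def name_matches(der, expected_cn):
    """'Certificate + Name': the CN must equal the configured name exactly."""
    return subject_common_name(der) == expected_cn


# --- constructed sample data (unsigned stand-ins, not real certificates) -------
def _der(tag, payload):
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _name(cn):   # Name ::= SEQUENCE OF SET OF SEQUENCE { OID, UTF8String }
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, OID_COMMON_NAME) + _der(0x0C, cn.encode()))))


def make_sample_cert(cn, issuer_cn="Sample Test CA"):
    """Stand-in with the real field order of an X.509 certificate (no valid key or signature)."""
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")))   # sha256WithRSA
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + alg
               + _name(issuer_cn) + _der(0x30, _der(0x17, b"100318000000Z") * 2)
               + _name(cn) + _der(0x30, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00"))


def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return "\n".join([BEGIN, *(b64[k:k + 64] for k in range(0, len(b64), 64)), END])


_damaged = to_pem(make_sample_cert("Lost Lines CA")).splitlines()
SAMPLE_BUNDLE = "\n".join([to_pem(make_sample_cert("RDSServer")),
                           to_pem(make_sample_cert("RDSClient")),
                           *_damaged[:-2], END])   # one base64 line went missing
```

Running split_pem_bundle(SAMPLE_BUNDLE) returns the two intact certificates (RDSServer and RDSClient) and one problem for the damaged block, which is the case the instruction to copy each certificate in full is guarding against.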