Changes between Version 22 and Version 23 of InstallDiscoveryBrowse


Timestamp:
11/10/07 10:10:44 (12 years ago)
Author:
pjkersha
Comment:

--

  • InstallDiscoveryBrowse

    v22 v23  
    180180=== Security Configuration === 
    181181Security settings are organised under the `[NDG_SECURITY]` section of the config file.  Set-up includes the following steps:   
    182  * certificates are created to secure communication with security web services (WS-Security) 
     182 * certificates are created to secure communication with security web services (WS-Security and SSL Settings) 
    183183 * the Discovery service is set up to run over http and https Virtual Hosts and  
    184184 * parameters are configured to enable the Gatekeeper to make access control decisions for secure data requests. 
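
Review bot: The reworded bullet at new line 182 still says certificates are "created", but the SSL material this revision adds configures a list of trusted CA certificates (`sslCACertFilePathList`) rather than creating one, and the parenthetical "WS-Security and SSL Settings" does not match the renamed heading "Secure Communication with Security Web Services". Suggest wording the bullet so it covers both parts, for example "certificates and trusted CA lists are set up to secure communication with security web services", so the step list and the section title agree.
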
     
    186186For help contact [mailto:P.J.Kershaw@rl.ac.uk Phil]. 
    187187 
    188 ==== WS-Security Settings ==== 
    189 Create a Discovery Service certificate and private key to enable it communicate securely with security services.  First, generate a new private key: 
     188==== Secure Communication with Security Web Services ==== 
     189Create a Discovery Service certificate and private key.  For the private key: 
    190190{{{ 
    191191cd /etc/ndg/ows_server/conf/certs 
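
Review bot: The rewritten intro at new line 189 drops the stated purpose of the certificate and leaves "For the private key:" as a fragment in front of the command block. Suggest keeping a full instruction such as "First, generate a new private key:" and retaining the clause that the key pair is what lets the Discovery Service communicate securely with the security services, since the new heading no longer mentions WS-Security.
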
     
    237237}}} 
    238238 
    239 In the above replace `password` with the password you set to protect the private key.  If no password was set leave this field blank. 
     239In the above, replace `password` with the password you set to protect the private key.  If no password was set leave this field blank. 
     240 
     241Finally, the field `sslCACertFilePathList` can be used to authenticate peers for SSL connections to ''security web services''.  In the current implementation this applies to the Session Manager web service.  This runs over https.  On a request to the Session Manager, the Discovery service can verify the Session Manager's X.509 certificate against a list of acceptable CA certificates.  If the Session Manager's X.509 certificate is not issued by any of the CA certificates in the list the connection is rejected. 
     242 
     243{{{ 
     244# SSL Connections 
     245# 
     246# Space separated list of CA cert. files.  The peer cert. 
     247# must verify against at least one of these otherwise the connection is 
     248# dropped. 
     249sslCACertFilePathList: /etc/ndg/ows_server/conf/certs/cacert.crt 
     250}}} 
    240251 
    241252==== Virtual Hosting of the Discovery Service over http and https ====
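
Review bot: The paragraph added at new line 241 says `sslCACertFilePathList` "can be used" but does not state what happens when the field is left empty or omitted, so a reader cannot tell whether the Session Manager's certificate is then accepted without verification. Suggest documenting the unset behaviour explicitly, as the preceding paragraph does for `password`, and stating whether anything beyond the issuing CA (for example the peer's host name) is checked. The prose says the connection is "rejected" while the config comment says "dropped"; use one term in both places.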