Changes between Version 22 and Version 23 of InstallDiscoveryBrowse
- Timestamp: 11/10/07 10:10:44 (13 years ago)
InstallDiscoveryBrowse
v22 v23 180 180 === Security Configuration === 181 181 Security settings are organised under the `[NDG_SECURITY]` section of the config file. Set-up includes the following steps: 182 * certificates are created to secure communication with security web services (WS-Security )182 * certificates are created to secure communication with security web services (WS-Security and SSL Settings) 183 183 * the Discovery service is set up to run over http and https Virtual Hosts and 184 184 * parameters are configured to enable the Gatekeeper to make access control decisions for secure data requests. … … 186 186 For help contact [mailto:P.J.Kershaw@rl.ac.uk Phil]. 187 187 188 ==== WS-Security Settings ====189 Create a Discovery Service certificate and private key to enable it communicate securely with security services. First, generate a newprivate key:188 ==== Secure Communication with Security Web Services ==== 189 Create a Discovery Service certificate and private key. For the private key: 190 190 {{{ 191 191 cd /etc/ndg/ows_server/conf/certs … … 237 237 }}} 238 238 239 In the above replace `password` with the password you set to protect the private key. If no password was set leave this field blank. 239 In the above, replace `password` with the password you set to protect the private key. If no password was set leave this field blank. 240 241 Finally, the field `sslCACertFilePathList` can be used to authenticate peers for SSL connections to ''security web services''. In the current implementation this applies to the Session Manager web service. This runs over https. On a request to the Session Manager, the Discovery service can verify the Session Manager's X.509 certificate against a list of acceptable CA certificates. If the Session Manager's X.509 certificate is not issued by any of the CA certificates in the list the connection is rejected. 242 243 {{{ 244 # SSL Connections 245 # 246 # Space separated list of CA cert. files. The peer cert. 
247 # must verify against at least one of these otherwise the connection is 248 # dropped. 249 sslCACertFilePathList: /etc/ndg/ows_server/conf/certs/cacert.crt 250 }}} 240 251 241 252 ==== Virtual Hosting of the Discovery Service over http and https ====
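Review bot: In the second hunk, new line 189 ends with "For the private key:", which no longer tells the reader that the command block that follows generates a new key, and the sentence before it has lost the reason the certificate is needed. Consider restoring the intent of the v22 wording, for example "Create a Discovery Service certificate and private key so that it can communicate securely with the security services. First, generate a new private key:". The bullet at line 182 now points to "WS-Security and SSL Settings" while the subsection it refers to has been renamed "Secure Communication with Security Web Services"; using the same name in both places would make the cross-reference easier to follow.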
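Review bot: In the third hunk, the paragraph at new line 241 says `sslCACertFilePathList` "can be used" to authenticate peers but does not say what happens when the field is left empty or omitted, so an installer cannot tell whether the Session Manager's certificate is then accepted without any verification. Please state the default behaviour explicitly and, if an empty list disables the check, say so next to the setting. The text also describes only verification against the CA list; it would help to say whether the certificate's subject is matched against the Session Manager's host name as well. Minor: the prose says the connection is "rejected" while the config comment at lines 247-248 says "dropped"; pick one term. Since the list is space separated, a note that file paths must not contain spaces would save some troubleshooting.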