Network Interfaces can be added to a Nirvana Realm using
the nAdmin API or by using
the Nirvana Realm Manager.
To add an SSL interface using the Realm Manager GUI, follow
the steps below:
Step 1: Click on the interfaces panel
for this Realm. In the example below an interface is
being added to the nirvanaPrimary Realm. An interface
could, however, also be added to the Realm which is mounted
into this Realm's namespace under /bkup. This ability
makes centralised remote administration very easy using
Nirvana.

Step 2: Click on the Add button in
order to bring up the Add Interface dialog box. In
the dialog choose the network
protocol you would like to use for this interface.
The choices are Sockets, Secure Sockets, HTTP and HTTPS. Choose either Secure Sockets or HTTPS to add an SSL interface.
In this example HTTPS is chosen as the protocol and
the interface is added to the network adapter node63.my-Channels.com.
This will run the network interface on the IP Address that the
hostname node63.my-Channels.com resolves to. You can
also specify an IP address directly for any network
interface on the machine, or 127.0.0.1 for localhost
or 0.0.0.0 for all network interfaces on this machine.

Step 3: When a new interface is added
it is not started automatically, because you will typically
want to set up security policies and possibly add
further configuration first, as in this example of adding
an SSL/HTTPS interface.
After the interface has been added but before it has
been started you should see the following in your interfaces
panel:

In this example you can see that this Realm now has
5 network interfaces and that the one just added has
not been started.
Before we start the interface, we need to configure SSL. Click on the
line containing the stopped traffic light. This will
populate the tabs at the bottom with details for this
HTTPS interface.
Click on the Certificates tab. You will see that the
first 2 text boxes have been automatically filled in.
In the Nirvana download, we provide sample .jks files
containing certificates bound to localhost, for the
server, the client and the truststore used by jsse.
In this example we are going to use the sample jks files
in order to demonstrate creating an SSL interface.
If you would like instructions on generating
your own certificates for use with Nirvana please
see our FAQ.
The text field titled 'Key store path' should contain something similar to:
c:\Nirvana 2.0.3422\server\Nirvana\bin\server.jks
which should be the path to the sample Java keystore for the server, bound to localhost. The text field 'Trust store path' should contain something similar to the following:
c:\Nirvana 2.0.3422\server\Nirvana\bin\nirvanacacerts.jks
Next, fill in the entries for the 'Key Store Passwd' and 'CA Store Passwd' with 'password'. This is the password for both the server keystore and the CA (truststore) keystore.
Next select the 'Basic' tab and click on the autostart interface
checkbox. Clicking on this box means that the interface
will be started automatically when the Nirvana Realm
server is started.
Then click on Apply. As well as setting the interface to
autostart, this starts the interface now.
Alternatively, if you do not wish to autostart, then
double click on the line with the stopped traffic light.
This will bring up a dialog which allows you to stop
or start that network interface.
If the network interface fails to start then please
inspect the Nirvana log file via the messages tab. Please
contact support@my-Channels.com if any other issues
arise.
There is no limit to the number of network interfaces
that can be added to a Realm, and each can have its own
configuration, such as SSL certificate chains, applied. This allows
you to isolate customers from each other while still
using only one Nirvana Realm server.
In this example we have used our own sample Java keystores which will only work when using the loopback interface of your realm server host.
If you wish to provide SSL capabilities for remote connections, you must ensure you have your own keystores and valid certificate chains.
For help on creating your own certificate chains, and using Java keytool please visit the following useful links.
http://Java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
http://Java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security10.html#62814
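
Before binding an SSL interface to a non-loopback adapter such as node63.my-Channels.com, you can confirm which host names the certificates in a keystore are actually bound to. The script below is an added example, not part of the original page or the Nirvana distribution; the script name, the KS_PASS variable and the sample listing are assumptions made for illustration, and it expects keytool's English-language output.

```shell
#!/usr/bin/env bash
# Added example, not part of the Nirvana distribution. Lists the host names a
# keystore's certificates are bound to and checks the interface adapter name.

# stdin: `keytool -list -v` output. stdout: bound names, lower-cased, unique
# (subject CN of each "Owner:" line plus any SubjectAlternativeName DNSName).
bound_names() {
    tr -d '\r' | awk '
        /^Owner: / { if (match($0, /CN=[^,]*/)) print substr($0, RSTART + 3, RLENGTH - 3) }
        /^[ \t]*DNSName: / { sub(/^[ \t]*DNSName: */, ""); print }
    ' | tr '[:upper:]' '[:lower:]' | sort -u
}

# stdin: keytool listing. Succeeds if host name $1 is one of the bound names.
names_include_host() {
    bound_names | grep -Fxq -- "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# usage: report <listing-text> <hostname>; returns 1 on mismatch
report() {
    if printf '%s\n' "$1" | names_include_host "$2"; then
        echo "OK: a certificate is bound to $2"
    else
        echo "MISMATCH: nothing bound to $2; found: $(printf '%s\n' "$1" | bound_names | tr '\n' ' ')"
        return 1
    fi
}

# Constructed sample of keytool output, used when no keystore is given.
SAMPLE_LISTING='Alias name: server
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=localhost, OU=Sample, O=Example
Issuer: CN=Sample CA, O=Example'

# usage: KS_PASS=<store password> ./check_keystore.sh <keystore.jks> <hostname>
# -storepass:env reads the password from KS_PASS, keeping it off the command line.
if [ "$#" -eq 2 ]; then
    listing=$(keytool -list -v -keystore "$1" -storepass:env KS_PASS) || exit 2
    report "$listing" "$2" || exit 1
else
    report "$SAMPLE_LISTING" localhost
    report "$SAMPLE_LISTING" node63.my-Channels.com || true
fi
```

Names are compared literally, so a wildcard entry such as *.example.test is reported but not matched against a specific host.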