|
Network Interfaces can be added to a Nirvana Realm using
the nAdmin API or by using
the Nirvana Realm Manager.
To add an ssl interface using the Enterprise Manager
GUI follow the steps below:
Step 1: Click on the interfaces panel
for a Realm. In the example below an interface is being
added to the nirvana1 Realm. An interface could also
be added however to any other realm shown in the enterprise
manager. This ability makes centralised remote administration
very easy using Nirvana.
Step 2: Click on the Add button in
order to bring up the Add Interface dialog box. In
the dialog choose the network
protocol you would like to use for this interface.
The choices are Sockets, Secure Sockets, HTTP and HTTPS.
Choose either Secure Sockets or Secure HTTPS to add
an SSL interface.
In this example HTTPS is chosen as the protocol and
the interface is added to the network adapter 192.168.1.5.
This will run the network interface on that IP Address.
Alternatively, you could add a hostname that will resolve
to the IP address of the chosen interface, or you can
also specify 127.0.0.1 for localhost or 0.0.0.0 for
all network interfaces on this machine.
Step 3: When a new interface is added
if the Auto Start option is not clicked the realm interface
will not start automatically when a realm starts, and
it will have to be started manually.
After the interface has been added you should see the
following in your interfaces panel:
In this example you can see that this Realm now has
2 network interfaces and that the one just added has
been started.
If you did not choose to start the interface automatically,
then in order to start the interface you need to click
on the line containing the stopped trafficlight. This
will populate the tabs at the bottom with details for
this interface.
Click on the Certificates tab. You will see that the
first 2 text boxes have been automatically filled in.
In the Nirvana download, we provide sample .jks files
containing certificates bound to localhost, for the
server, the client and the truststore used by jsse.
In this example we are going to use the sample jks files
in order to demonstrate creating an SSL interface.
If you would like instructions on generating
your own certificates for use with Nirvana please
see our FAQ.
The text field titled 'Key store path' should contain
something simlar to:
c:\Nirvana 3.0.XXXX\server\Nirvana\bin\server.jks
which should be the path to the sample Java keystore
for the server, bound to localhost. The text field 'Trust
store path' should contain something similar to the
following:
c:\Nirvana 3.1.XXXX\server\Nirvana\bin\nirvanacacerts.jks
Next, fill in the entries for the 'Key Store Passwd'
and 'CA Store Passwd' with 'password'. This is the password
for both the server keystore and the CA (truststore)
keystore.
Next select the 'Basic' tab and click on the autostart
interface checkbox. Clicking on this box means that
the interface will be started automatically when the
Nirvana Realm server is started.
Then click on apply and the Interface will be started.
It will also start it now.
Alternatively if you do not wish to autostart then
double click on the line with the stopped trafficlight.
This will bring up a dialog which allows you to start
that network interface.
If the network interface fails to start then please
inspect the Nirvana log file via the messages tab. Please
contact support@my-Channels.com if any other issues
arise.
Similarly, if you wish to stop an interface, simply
double-click on the interface you want to stop from
the interface table, and click on the 'stop' button.
There is no limit to the number of network interfaces
that can be added to a Realm and each can have its own
configuration such SSL chains etc applied. This allows
you to isolate customers from each other while still
using only one Nirvana Realm server.
In this example we have used our own sample Java keystores
which will only work when using the loopback interface
of your realm server host. If you wish to provide SSL
capabilities for remote connections, you must ensure
you have your own keystores and valid certificate chains.
For help on creating your own certificate chains, and
using Java keytool please visit the following useful
links.
http://Java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
http://Java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security10.html#62814
|
