This section describes how to use SSL in your Nirvana client applications. Nirvana supports various wire protocols,
including SSL-enabled sockets and HTTPS. The example programs contained in the Nirvana package will all work with
SSL enabled on the realm server.
Once you have created an SSL-enabled interface for your realm, you need to ensure that your client application
passes the required system properties used by your JSSE-enabled JVM. The Nirvana download contains some example
Java keystore files that will be used in this example. If you would like to add your own certificates, please
see: generating certificates for Nirvana.
The first such keystore is the client keystore, called client.jks, which can be found
in your installation directory, under the /server/Nirvana/bin directory. The second is the
CA keystore, called nirvanacacerts.jks, which is also located in the /server/Nirvana/bin
directory.
Using the example keystores, the following system properties are required by the Nirvana sample apps
and must be specified on the command line as follows:
-DCKEYSTORE=%INSTALLDIR%\client\Nirvana\bin\client.jks
-DCKEYSTOREPASSWD=password
-DCAKEYSTORE=%INSTALLDIR%\client\Nirvana\bin\nirvanacacerts.jks
-DCAKEYSTOREPASSWD=password
where:
CKEYSTORE is the client keystore location
CKEYSTOREPASSWD is the password for the client keystore
CAKEYSTORE is the CA keystore file location
CAKEYSTOREPASSWD is the password for the CA keystore
The above system properties are used by the Nirvana sample apps, but are mapped to the system
properties required by a JSSE-enabled JVM by the utility program 'com.pcbsys.foundation.utils.fEnvironment',
which all sample applications use. If you do not wish to use this program to perform the mapping between
Nirvana system properties and those required by the JVM, you can specify the SSL properties directly.
To do this in your own applications, the following system properties must be set:
-Djavax.net.ssl.keyStore=%INSTALLDIR%\client\Nirvana\bin\client.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=%INSTALLDIR%\client\Nirvana\bin\nirvanacacerts.jks
-Djavax.net.ssl.trustStorePassword=password
where:
javax.net.ssl.keyStore is the client keystore location
javax.net.ssl.keyStorePassword is the password for the client keystore
javax.net.ssl.trustStore is the CA keystore file location
javax.net.ssl.trustStorePassword is the password for the CA keystore
As well as the above system properties, if you intend to use HTTPS, both the Nirvana sample
apps and your own applications will require the following system property to be passed on the command line:
-Djava.protocol.handler.pkgs="com.sun.net.ssl.internal.www.protocol"
As well as the above, the RNAME used by your client application must
correspond to the correct type of SSL interface, and to the correct hostname and port that were configured earlier.
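The following Java class is an added example, not code from the Nirvana package and not the implementation of fEnvironment. It maps the four Nirvana sample-app properties described above to their javax.net.ssl equivalents, then opens both keystores so that a wrong path or password is reported at startup rather than during the SSL handshake. The class and method names (SslPropertyCheck, map, open) are hypothetical, and letting a directly supplied javax.net.ssl property take precedence is an assumption.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Added example: SslPropertyCheck, map and open are hypothetical names.
public class SslPropertyCheck {

    // Copy a Nirvana sample-app property to its JSSE equivalent unless the
    // JSSE property was already given directly (assumed precedence).
    static String map(String nirvanaName, String jsseName) {
        String value = System.getProperty(jsseName, System.getProperty(nirvanaName));
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Set -D" + nirvanaName + " or -D" + jsseName);
        }
        System.setProperty(jsseName, value);
        return value;
    }

    // Open a JKS file with its password; load() throws an IOException if the
    // file is missing, corrupt, or the password is wrong.
    static KeyStore open(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String keyStore = map("CKEYSTORE", "javax.net.ssl.keyStore");
        String keyPass = map("CKEYSTOREPASSWD", "javax.net.ssl.keyStorePassword");
        String trustStore = map("CAKEYSTORE", "javax.net.ssl.trustStore");
        String trustPass = map("CAKEYSTOREPASSWD", "javax.net.ssl.trustStorePassword");

        KeyStore client = open(keyStore, keyPass);
        KeyStore ca = open(trustStore, trustPass);

        int keys = 0, certs = 0;
        for (String a : Collections.list(client.aliases())) if (client.isKeyEntry(a)) keys++;
        for (String a : Collections.list(ca.aliases())) if (ca.isCertificateEntry(a)) certs++;

        // Without a trusted CA certificate the server certificate cannot be verified.
        if (certs == 0) throw new IllegalStateException(trustStore + " holds no trusted certificates");
        if (keys == 0) System.err.println(keyStore + " holds no private key entry");
        System.out.println("client key entries: " + keys + ", trusted CA certificates: " + certs);
    }
}
```

Run it with the same -D options you pass to the sample apps or to your own application. Values given as -D options are visible in the JVM's command line to other local users, so the example password should be replaced when you use your own certificates.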