Configure ZeroC Ice to enable SSL communication

Configure ZeroC Ice to enable SSL communication
Zeroc ICE (Internet Communications Engine) middleware is known as standard and unified, open-source, cross-platform, cross-language, distributed, secure, service transparent, load balancing, object-oriented, superior performance, firewall penetration, communication shield. Https://zeroc.com/the middleware is more convenient in cross-language integration, the following is the interaction between java c ++, enabling ssl communication settings 1. to generate a certificate, use the certificate script to generate the required certificate. Go to the Ice-3.5.1/cpp/src/ca directory. 1.1. generate the root certificate and enter the Certificate Information python iceca init -- no-password-overwrite root certificate in/root /. generated under the iceca/directory. the root account is the current Login User 1.2. apply for a certificate for the ICE server: python iceca request -- no-password server 1.3. apply for a certificate for the ICE client python iceca request -- no-password client 1.4. certificate Signature python iceca sign -- in server_req.pem -- out server_cert.pem python iceca sign -- in client_req.pem -- out client_cert.pem 1.5. export the certificate to export the certificate used by the ICE client to a java available format. The certificate file of the root certificate must be from/root /. iceca/ca/db. python iceca import -- java client_cert.pem client_key.pem export python iceca import -- java ca_cert.pem ca_key.pem ca_cert.jks requires two passwords for export. The first one is the private key password. Because no password is set during certificate application, do not enter. Press enter directly. You need to enter the second password ## 2. program configuration 2.1. copy the generated ca_cert.jks, ca_key.pem, client_cert.jks, and server_cert.pem files to the/home/certs directory. Copy the so file (libIceSSL. so, libIceSSL. so.3.5.1, and libIceSSL. so.35) generated by icessl to/usr/lib and run the ldconfig command. 2.2. the ssl settings of the ICE server config. ice file, add the following lines: Ice. plugin. iceSSL = IceSSL: createIceSSL IceSSL. defaultDir =/home/certs IceSSL. certFile = server_cert.pem IceSSL. keyFile = server_key.pem IceSSL. certAuthFile = the Endpoint bound to the ca_cert.pem server. The following example shows how to enable default-p 8881-h localhost: ssl-p 8882 2.3 at the same time with ssl. the ICE client enables SSL to create a configuration file config in/home/web. ice, save the following content: Ice. plugin. iceSSL = IceSSL. pluginFactory IceSSL. defaultDir =/home/certs IceSSL. keystore = ca_cert.jks IceSSL. truststore = client_cert.jks IceSSL. truststorePassword = admin12345 the service information and configuration of the client connection are as follows: "-- Ice. config =/home/web/config. ice "" #: ssl-p 8882-h ##"