Configure ZeroC Ice to enable SSL communication

Source: Internet
Author: User

Configure ZeroC Ice to enable SSL communication
Zeroc ICE (Internet Communications Engine) middleware is known as standard and unified, open-source, cross-platform, cross-language, distributed, secure, service transparent, load balancing, object-oriented, superior performance, firewall penetration, communication shield. Https://zeroc.com/the middleware is more convenient in cross-language integration, the following is the interaction between java c ++, enabling ssl communication settings 1. to generate a certificate, use the certificate script to generate the required certificate. Go to the Ice-3.5.1/cpp/src/ca directory. 1.1. generate the root certificate and enter the Certificate Information python iceca init -- no-password-overwrite root certificate in/root /. generated under the iceca/directory. the root account is the current Login User 1.2. apply for a certificate for the ICE server: python iceca request -- no-password server 1.3. apply for a certificate for the ICE client python iceca request -- no-password client 1.4. certificate Signature python iceca sign -- in server_req.pem -- out server_cert.pem python iceca sign -- in client_req.pem -- out client_cert.pem 1.5. export the certificate to export the certificate used by the ICE client to a java available format. The certificate file of the root certificate must be from/root /. iceca/ca/db. python iceca import -- java client_cert.pem client_key.pem export python iceca import -- java ca_cert.pem ca_key.pem ca_cert.jks requires two passwords for export. The first one is the private key password. Because no password is set during certificate application, do not enter. Press enter directly. You need to enter the second password ## 2. program configuration 2.1. copy the generated ca_cert.jks, ca_key.pem, client_cert.jks, and server_cert.pem files to the/home/certs directory. Copy the so file (libIceSSL. so, libIceSSL. so.3.5.1, and libIceSSL. so.35) generated by icessl to/usr/lib and run the ldconfig command. 2.2. the ssl settings of the ICE server config. ice file, add the following lines: Ice. plugin. iceSSL = IceSSL: createIceSSL IceSSL. defaultDir =/home/certs IceSSL. certFile = server_cert.pem IceSSL. keyFile = server_key.pem IceSSL. certAuthFile = the Endpoint bound to the ca_cert.pem server. The following example shows how to enable default-p 8881-h localhost: ssl-p 8882 2.3 at the same time with ssl. the ICE client enables SSL to create a configuration file config in/home/web. ice, save the following content: Ice. plugin. iceSSL = IceSSL. pluginFactory IceSSL. defaultDir =/home/certs IceSSL. keystore = ca_cert.jks IceSSL. truststore = client_cert.jks IceSSL. truststorePassword = admin12345 the service information and configuration of the client connection are as follows: "-- Ice. config =/home/web/config. ice "" #: ssl-p 8882-h ##"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.