Enabling SSL communication in ZeroC Ice (IceSSL configuration)
ZeroC Ice (Internet Communications Engine) is middleware described as standardized and unified, open source, cross-platform, cross-language, distributed, secure, service-transparent, load-balancing, object-oriented, high-performance, firewall-traversing, and communication-shielding. https://zeroc.com/
This middleware is convenient for cross-language integration. The following describes how to enable SSL communication when Java and C++ programs interact.
1. Certificate generation
Ice provides a procedure for requesting certificates, and the iceca script that ships with Ice can generate the certificates you need. Go to the Ice-3.5.1/cpp/src/ca directory.
1.1. Generate the root certificate and enter the certificate information
python iceca init --no-password --overwrite
The root certificate is generated under the /root/.iceca/ directory (root being the currently logged-in user).
1.2. Request a certificate for the Ice server
python iceca request --no-password server
1.3. Request a certificate for the Ice client
python iceca request --no-password client
1.4. Sign the certificates
python iceca sign --in server_req.pem --out server_cert.pem
python iceca sign --in client_req.pem --out client_cert.pem
1.5. Export Certificate
Export the certificate used by the Ice client to a format that Java can use. The root certificate's certificate file must be copied from /root/.iceca/ca/db.
python iceca import --java client_cert.pem client_key.pem client_cert.jks
python iceca import --java ca_cert.pem ca_key.pem ca_cert.jks
The export prompts for two passwords. The first is the private key password; because no password was set when the certificate was requested, just press Enter. Then enter the second password: ##
2. Program Configuration
2.1. Copy the generated ca_cert.jks, ca_key.pem, client_cert.jks, and server_cert.pem files to the /home/certs directory.
Copy the shared libraries built for IceSSL (libIceSSL.so, libIceSSL.so.3.5.1, and libIceSSL.so.35) to /usr/lib and run the ldconfig command.
2.2. Add the following lines to the Ice server's config.ice file to configure SSL:
Ice.Plugin.IceSSL=IceSSL:createIceSSL
IceSSL.DefaultDir=/home/certs
IceSSL.CertFile=server_cert.pem
IceSSL.KeyFile=server_key.pem
IceSSL.CertAuthFile=ca_cert.pem
The endpoints bound by the server:
default -p 8881 -h localhost:ssl -p 8882
2.3. Enable SSL on the ICE Client
Create the configuration file config.ice in /home/web with the following content:
Ice.Plugin.IceSSL=IceSSL.PluginFactory
IceSSL.DefaultDir=/home/certs
IceSSL.Keystore=ca_cert.jks
IceSSL.Truststore=client_cert.jks
IceSSL.TruststorePassword=admin12345
The client program's configuration and the connection information for the service are as follows:
"--Ice.Config=/home/web/config.ice"
"#:ssl -p 8882 -h ##"
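
The server endpoint list in 2.2 and the client properties in 2.3 can be checked mechanically. The following Python audit is an added example, not part of the original page or of ZeroC's tooling: it parses Ice property text and reports endpoints that are not ssl ("default" resolves to Ice.Default.Protocol, which is tcp unless set) and IceSSL passwords stored in the file. The adapter name MyAdapter and the sample texts are constructed, and the ':' split assumes no quoted IPv6 hosts.

```python
# Constructed samples; "MyAdapter" is a hypothetical adapter name.
SERVER = """Ice.Plugin.IceSSL=IceSSL:createIceSSL
MyAdapter.Endpoints=default -p 8881 -h localhost:ssl -p 8882
"""
CLIENT = """Ice.Plugin.IceSSL=IceSSL.PluginFactory
IceSSL.TruststorePassword=admin12345
"""

def parse_properties(text):
    """Parse Ice property text (name=value, '#' starts a comment)."""
    props = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def plaintext_endpoints(endpoints, default_protocol="tcp"):
    """Return the entries of a ':'-separated endpoint list that are not ssl."""
    found = []
    for ep in filter(None, (e.strip() for e in endpoints.split(":"))):
        proto = ep.split()[0]
        if proto == "default":  # "default" expands to Ice.Default.Protocol
            proto = default_protocol
        if proto != "ssl":
            found.append(ep)
    return found

def audit(text):
    """List findings: missing plug-in, non-ssl endpoints, stored passwords."""
    props = parse_properties(text)
    findings = []
    if "Ice.Plugin.IceSSL" not in props:
        findings.append("IceSSL plug-in is not loaded")
    default = props.get("Ice.Default.Protocol", "tcp")
    for name, value in props.items():
        if name.endswith(".Endpoints"):
            for ep in plaintext_endpoints(value, default):
                findings.append(f"{name}: endpoint without TLS: {ep}")
        elif name.startswith("IceSSL.") and name.endswith("Password"):
            findings.append(f"{name}: password stored in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER) + audit(CLIENT)))
```

Run against the settings above, it reports the "default -p 8881 -h localhost" endpoint, which accepts unencrypted connections on the loopback interface, and the truststore password kept in config.ice.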