ZeroC Ice enables SSL communication configuration and zerocicessl Communication

ZeroC Ice enables SSL communication configuration and zerocicessl Communication

Zeroc ICE (Internet Communications Engine) middleware is known as standard and unified, open-source, cross-platform, cross-language, distributed, secure, service transparent, load balancing, object-oriented, superior performance, firewall penetration, communication shield. Https://zeroc.com/

This middleware is convenient for cross-language integration. The following describes how to enable ssl communication when java c ++ interacts.

1. Certificate generation

ICE provides the steps to apply for a certificate. You can use the ICE script to generate the required certificate. Go to the Ice-3.5.1/cpp/src/ca directory.

1.1 generate the root certificate and enter the Certificate Information

Python iceca init -- no-password-overwrite

The root certificate is generated under the/root/. iceca/directory. The root certificate is the current login user.

1.2. Apply for a certificate for the ICE Server:

Python iceca request -- no-password server

1.3. Apply for a certificate for the ICE Client

Python iceca request -- no-password client

1.4. Certificate Signature

Python iceca sign -- in server_req.pem -- out server_cert.pem

Python iceca sign -- in client_req.pem -- out client_cert.pem

1.5. Export Certificate

Export the certificate used by the ICE client to a java available format. The certificate file of the root certificate must be copied from/root/. iceca/ca/db.

Python iceca import -- java client_cert.pem client_key.pem client_cert.jks

Python iceca import -- java ca_cert.pem ca_key.pem ca_cert.jks

Two passwords are required for export. The first is the private key password. Because you do not set a password when applying for a certificate or enter a password, press enter to enter the second password ##

2. Program Configuration

2.1. Copy the generated ca_cert.jks, ca_key.pem, client_cert.jks, and server_cert.pem files to the/home/certs directory.

Copy the so file (libIceSSL. so, libIceSSL. so.3.5.1, and libIceSSL. so.35) generated by icessl to/usr/lib and run the ldconfig command.

2.2. Add the following lines to the config. ICE file for ssl settings on the ice Server:

Ice. Plugin. IceSSL = IceSSL: createIceSSL

IceSSL. DefaultDir =/home/certs

IceSSL. CertFile = server_cert.pem

IceSSL. KeyFile = server_key.pem

IceSSL. CertAuthFile = ca_cert.pem

The Endpoint bound to the server.

Default-p 8881-h localhost: ssl-p 8882

2.3. Enable SSL on the ICE Client

Create the configuration file config. ice in/home/web and save the following content:

Ice. Plugin. IceSSL = IceSSL. PluginFactory

IceSSL. DefaultDir =/home/certs

IceSSL. Keystore = ca_cert.jks

IceSSL. Truststore = client_cert.jks

IceSSL. TruststorePassword = admin12345

The service information and configuration of client program connection are as follows:

"-- Ice. Config =/home/web/config. ice"

"#: Ssl-p 8882-h ##"