Configure SSL and AES :: DataFlux(R) Data Management Server 2.6: Administrator's Guide

Overview

Beginning in the 2.5 release, the DataFlux Secure software is installed by default when you install your DataFlux Data Management Server. The DataFlux Secure software provides increased security through the Advanced Encryption Standard and through the use of the Secure Sockets Layer to protect HTTP client connections. These security enhancements, and their configuration on the DataFlux Data Management Server, are addressed in detail in the DataFlux Secure Administrator’s Guide.

All of the clients and servers that connect to the DataFlux Data Management Server need to be configured for the same level of encryption and SSL implementation.

Enable SOAP with SSL

Edit the following settings as they apply to your environment. Configure these settings in the install-path/etc/dmserver.cfg.

CAUTION:

Stop the DataFlux Data Management Server before you make any changes to the configuration file.

Configuration Option	Description
DMSERVER/SOAP/SSL	If you use a DataFlux Authentication Server for security, then set the value to YES. Later, if you need to disable SSL, set the value to NO. If you use a SAS Metadata Server for security, then this option should remain disabled by comment characters, as is the case by default. This option should not be set in dmserver.cfg because the value is set at server start, based on the server’s metadata definition. If you set the option locally, then the local value overrides the value in metadata.
DMSERVER/SOAP/SSL/KEY_FILE	Specifies the path to the key file that is required when the SOAP server must authenticate to clients.
DMSERVER/SOAP/SSL/KEY_PASSWD	Specifies the password for DMSERVER/SOAP/SSL/KEY_FILE. If the key file is not password protected, then comment-out this option. The value of this option must be encrypted. To encrypt passwords, see Encrypt Passwords for DSNs and SSL.
DMSERVER/SOAP/SSL/CA_CERT_FILE	Specifies the file that stores your trusted certificates.
DMSERVER/SOAP/SSL/CA_CERT_PATH	Specifies the path to the directory where you store your trusted certificates.

OpenSSL

DataFlux Secure software requires the OpenSSL libraries to communicate by means of the Secure Sockets Layer. OpenSSL is already installed and configured on most UNIX and Linux distributions. Windows systems require you to download and install OpenSSL libraries. The OpenSSL libraries must be available in the execution path for the DataFlux Secure software. The OpenSSL for Windows installation defaults to copying these libraries to the appropriate Windows system directory.

DataFlux Data Management Studio is a 32-bit Windows application. Therefore, it requires the 32-bit OpenSSL for Windows libraries. DataFlux Data Management Server can be installed on either 32-bit Windows or 64-bit Windows. The OpenSSL libraries must match the bitness of the DataFlux Data Management Server executables.