Page tree

Skip to end of metadata
Go to start of metadata

You can enable client authentication by setting the pronet.jserver.ssl.authenclient=true property. When client authentication is enabled, JServer prompts each client requesting a connection to present a certificate of authentication. 

If Java Administration is launched from Microsoft Windows, you must change pronet.conf on Microsoft Windows as well.

If the Administration Console is launched on a different computer than the computer where jserver is running, then you have to change etc/pronet.conf on both computers, so they refer to the same certificate.

JServer properties

The following properties control the JServer secure settings:

pronet.jserver.ssl.secure=false
## ssl properties for jserver, valid only when rmi.server.secure is true
pronet.jserver.ssl.algorithm=SunX509
## besides JKS, we also support pkcs12 format keystore for SunX509
pronet.jserver.ssl.keystore.provider=JKS
## jserver certificate keystore file name in /usr/pronto/conf/
pronet.jserver.ssl.keystore.filename=pnserver.ks
## if you change the jserver keystore password, be sure to update the passwdfile
pronet.jserver.ssl.keystore.passwdfile=.ks_pass
## as default, jserver does not ask certificate from java admin
## if changed to true, be sure to set relevant props in pronet.admin section below
pronet.jserver.ssl.authenclient=false
## set ssl debug, could be all, ssl, handshake
#pronet.jserver.ssl.debug=all
## enabled cipher suite, default is all the suites in jsse
#pronet.jserveradmin.ssl.enabledsuites=SSL_RSA_WITH_RC4_128_SHA

Java admin properties 

The following properties control the Java Admin secure settings:

## we do not do admin authentication, but if jserver.ssl.authenclient 
## is set to true, then following admin ssl properties need to be set correctly
##
## the following two settings are default
pronet.admin.ssl.algorithm=SunX509
pronet.admin.ssl.keystore.provider=JKS
## after obtaining a certificate for Java Admin, save it to this keystore in conf folder
#pronet.admin.ssl.keystore.filename=jadmin.ks
## password is specified by pronet.admin.keystore.passwd in [.ks_pass]
#pronet.admin.ssl.keystore.passwdfile=.ks_pass
## set ssl debug, could be all, ssl, handshake
#pronet.admin.ssl.debug=all