Problem:
- Product Name: VisiBroker
- Product Version: 5.2
- Product Component: Security Service
- Platform/OS Version: All
Can a client talk SSL with another server without itself having certificates?
Resolution:
The main thing is to configure the server this way:
########################################
# Enabling Security Service
vbroker.security.disable=false
# Setting SSL Layer Attributes
#vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
vbroker.security.peerAuthenticationMode=NONE
#vbroker.se.iiop_tp.scm.ssl.listener.trustInClient=true
vbroker.security.trustpointsRepository=Directory:./trustpoints
vbroker.security.server.transport=ALL
vbroker.security.logLevel=debug
########################################
And configure the client this way:
########################################
# Enabling Security Service
vbroker.security.disable=false
# Enforcing secure transport at client side
vbroker.security.secureTransport=true
vbroker.security.alwaysSecure=true
# Setting peerAuthenticationMode
vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
vbroker.security.trustpointsRepository=Directory:./trustpoints
vbroker.security.logLevel=debug
#########################################
The setting of :
vbroker.security.peerAuthenticationMode=NONE
on the server (instead of REQUIRE_AND_TRUST), and the comment/removal of this property (default value is false):
#vbroker.se.iiop_tp.scm.ssl.listener.trustInClient=true
tells the server to accept untrusted client, and do not need to require the client to have certificate.
#Security
#VisiBroker
