How to enable SSL communication between NamingService and Naming Clients?

  • February 16, 2013

Problem:

  • Product Name: VisiBroker
  • Product Version: 5.x/6.x
  • Product Component: Security, SSL, Naming Service

How to enable SSL communication between NamingService and Naming Clients (VB Servers/clients)?

Resolution:

The following example uses X.509 certs and user/password for authentication.

- VBC/VBJ SSL clients that load X.509 certs and use username/password for authentication.
- A Naming Service that uses SSL.
- A VBJ server that authenticates the VBJ/VBC SSL clients' certs and also their username/password.

1. Start the Naming Service with SSL.

a. Create naming.properties with the following properties

# Disable Osagent:
vbroker.agent.enableLocator=false

# Listener port of the naming service:
vbroker.se.iiop_tp.scm.iiop_tp.listener.port=55555

# SSL properties:
org.omg.PortableInterceptor.ORBInitializerClass.com.borland.security.core.Init=1
vbroker.security.disable=false
vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
vbroker.security.trustpointsRepository=Directory:./trustpoints
vbroker.security.wallet.type=Directory:./identities
vbroker.security.wallet.identity=paul
vbroker.security.wallet.password=Paul$$$$
vbroker.orb.alwaysSecure=true
vbroker.orb.dynamicLibs=com.inprise.vbroker.firewall.Init
vbroker.security.secureTransport=true
vbroker.security.alwaysSecure=true

# Debug Properties:
vbroker.security.logLevel=debug
#vbroker.orb.debug=true
#vbroker.orb.logLevel=debug
#vbroker.orb.warn=2
#vbroker.poa.logLevel=debug
vbroker.naming.logLevel=debug

b. Start NamingService
nameserv -J-DORBpropStorage=naming.properties

2. Start the VBJ server that authenticates the VBJ/VBC SSL client's certs and also username/password.

a. Create java_server.properties with the following properties

# Enabling Security Service:
vbroker.security.disable=false

# Setting SSL Layer Attributes:
vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
vbroker.security.server.transport=ALL
vbroker.security.trustpointsRepository=Directory:./trustpoints
vbroker.security.wallet.type=Directory:./identities
vbroker.security.wallet.identity=paul
vbroker.security.wallet.password=Paul$$$$

# Disable the osagent:
vbroker.agent.enableLocator=false

# Debug properties:
vbroker.security.logLevel=debug
#vbroker.orb.debug=true
#vbroker.orb.logLevel=debug
#vbroker.orb.warn=2
#vbroker.poa.logLevel=debug

# Password login
vbroker.security.login=true
vbroker.security.login.realms=myrealm
vbroker.security.authentication.callbackHandler=com.borland.security.provider.authn.HostCallbackHandler
vbroker.security.authentication.config=java_server.config

b. Create java_server.config as follows

myrealm {
com.borland.security.provider.authn.BasicLoginModule required
DRIVER=com.borland.datastore.jdbc.DataStoreDriver
URL="jdbc:borland:dslocal:./userdb.jds"
TYPE=BASIC
LOGINUSERID=admin
LOGINPASSWORD=admin;
};

c. Start VBJ Server

vbj -J-DORBpropStorage=java_server.properties -DORBInitRef=NameService=file:./ns.ior Server

 

3. Start the VBJ Client

a. Create java_client.properties with the following properties

# Enabling Security Service
vbroker.security.disable=false

# Setting peerAuthenticationMode
vbroker.security.peerAuthenticationMode=NONE
vbroker.security.trustpointsRepository=Directory:./trustpoints

# Disable the osagent:
vbroker.agent.enableLocator=false

# Debug properties
vbroker.security.logLevel=debug
#vbroker.orb.debug=true
#vbroker.orb.logLevel=debug
#vbroker.orb.warn=2

# Wallet properties:
vbroker.security.wallet.type=Directory:./identities
vbroker.security.wallet.identity=sigma


# Password login
vbroker.security.login=false
vbroker.security.authentication.callbackHandler=com.borland.security.provider.authn.HostCallbackHandler
vbroker.security.login.realms=GSSUP#myrealm

b. Start the VBJ Client

vbj -DORBpropStorage=java_client.properties -DORBInitRef=NameService=file:./ns.ior

4. Start VBC Client

a. Create vbc_client.properties with the following properties

# Enabling Security Service:
vbroker.security.disable=false

# Setting peerAuthenticationMode:
vbroker.security.peerAuthenticationMode=NONE
vbroker.security.trustpointsRepository=Directory:./trustpoints

# Disable the osagent:
vbroker.agent.enableLocator=false

# Wallet properties:
vbroker.security.wallet.type=Directory:./identities
vbroker.security.wallet.identity=sigma

# Password login:
vbroker.security.login=false
vbroker.security.authentication.callbackHandler=com.borland.security.provider.authn.HostCallbackHandler
vbroker.security.login.realms=GSSUP#myrealm

vbroker.security.logLevel=LEVEL_DEBUG

b. Start the Client

Client -DORBpropStorage=vbc_client.properties -ORBInitRef NameService=file:///./ns.ior

 

Note: A server or client that uses iioploc://... to locate the NameService cannot connect to it over SSL. This is a current limitation, so this example uses file:./ns.ior or SVCnameroot instead.
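
Before the property files above are reused outside a test setup, they can be reviewed for lab-only settings. The following is an added example, not part of the original article or of VisiBroker: a small Python check that parses the property files and reports keys worth a second look (peerAuthenticationMode=NONE, a clear-text wallet password, debug log levels). The rule set and the function names parse_properties and audit are assumptions made for this illustration; the sample inputs are constructed excerpts of the files shown in steps 1 and 3.

```python
# Added example: the review rules below are assumptions made for this
# illustration, not checks shipped with VisiBroker.

# Constructed excerpts of the naming.properties and java_client.properties
# files shown in the steps above.
NAMING = """\
vbroker.security.disable=false
vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
vbroker.security.trustpointsRepository=Directory:./trustpoints
vbroker.security.wallet.password=Paul$$$$
vbroker.security.logLevel=debug
vbroker.naming.logLevel=debug
"""
CLIENT = """\
vbroker.security.disable=false
vbroker.security.peerAuthenticationMode=NONE
vbroker.security.trustpointsRepository=Directory:./trustpoints
vbroker.security.logLevel=debug
#vbroker.orb.logLevel=debug
vbroker.security.wallet.identity=sigma
"""

def parse_properties(text):
    """Return {key: value}; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(name, text):
    """Return sorted (file, key, finding) tuples; values are never echoed."""
    p, out = parse_properties(text), []
    if p.get("vbroker.security.disable", "").lower() != "false":
        out.append((name, "vbroker.security.disable", "security service not explicitly enabled"))
    if "vbroker.security.trustpointsRepository" not in p:
        out.append((name, "vbroker.security.trustpointsRepository", "no trustpoints repository set"))
    if p.get("vbroker.security.peerAuthenticationMode", "").upper() == "NONE":
        out.append((name, "vbroker.security.peerAuthenticationMode", "mode is NONE; confirm this is intended"))
    if "vbroker.security.wallet.password" in p:
        out.append((name, "vbroker.security.wallet.password", "clear-text wallet password; restrict file access"))
    for key, value in p.items():
        if key.endswith(".logLevel") and "debug" in value.lower():
            out.append((name, key, "debug logging enabled"))
    return sorted(out)

if __name__ == "__main__":
    for finding in audit("naming.properties", NAMING) + audit("java_client.properties", CLIENT):
        print("%s: %s: %s" % finding)
```

Findings carry only the property key and a message, so the report can be shared or logged without exposing the wallet password.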

 
