2 replies Latest Post - ‏2013-05-22T19:23:33Z by cdeavill
jcadam14

Pinned topic Digital Signatures not working

2013-04-30T19:30:43Z

I have done the following to get Secure+ working between two nodes:

- On both nodes, created self-signed certificates, private keys and key certs

- On Node A, configured .Local to use TLS, pointed its Trusted Root Cert to the certificate generated on Node B, pointed the Key Cert to the key cert generated on Node A, Enabled FIPS, Encryption and Client Authentication, and enabled the TLS_RSA_WITH_AES_256 cipher.  Remote node is set to Default to Local Node.

- On Node B, configured .Local to use TLS, pointed its Trusted Root Cert to the certificate generated on Node A, pointed the Key Cert to the key cert generated on Node B, Enabled FIPS, Encryption and Client Authentication, and enabled the TLS_RSA_WITH_AES_256 cipher. Remote node is set to Default to Local Node.

When I use a Copy with Encrypt Data set to YES, the file transfers fine.  However, when I set Signature to YES, nothing happens.  In the Process Execution Statistics I don't get any errors, just 3 messages stating "STS parameters used for SSL/TLS connection".

Am I either doing something wrong with my Secure+ Admin configuration or missing a certain key/cert or config?  I have no root CA, so we have to use self-signed.  The keys and certs seem to validate fine, and I don't get any errors when validating Secure+, just warnings that I'm using TLS and FIPS.

 

Thanks!

  • jcadam14

    Re: Digital Signatures not working

    ‏2013-05-02T18:26:58Z  in response to jcadam14

    Ok, I think I understand the Secure+ stuff a little better.  It looks like Digital Signatures are specific to the STS Protocol, which we aren't going to be using.  But to use them, it looks like you have to generate a public/private key pair and they are used for signatures.  Pretty straightforward now that I know what I'm looking at.

     

    Is there a way to ensure that encryption is happening the way you expect?  I would like to be able to validate beyond a shadow of a doubt that TLS is being used and certificates are being utilized appropriately.

    • cdeavill

      Re: Digital Signatures not working

      ‏2013-05-22T19:23:33Z  in response to jcadam14

      You can look at the stats -- you should see, there, what protocol and encryption suite were used (session start, CTRC, and others).