Using SSL for client and server communications

Communication security techniques protect connections between different components of your Tivoli Netcool/OMNIbus system. Tivoli Netcool/OMNIbus uses the Secure Sockets Layer (SSL) security protocol to provide confidentiality, authenticity, and integrity of information between components.

SSL uses digital certificates for key exchange and authentication. When a client initiates an SSL connection, the server presents the client with a certificate that is signed by a Certificate Authority (CA). A CA is a trusted party that guarantees the identity of the certificate and its creator. The server certificate contains the identity of the server, the public key, and the digital signature of the certificate issuer.

By reading the server certificate, the client can determine if the server is a trusted source, and then accept or reject the connection. To verify the signature on the server certificate, the client requires the public key of the issuing CA. Because public keys are distributed in certificates, the client must have a certificate for the issuing CA. This certificate must be signed by the CA.
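The accept-or-reject decision described above can be reproduced with the OpenSSL command line. This is an added example, not part of the original documentation and not the product's own certificate tooling; the subject names, file names, and the `make_demo_pki` and `client_accepts` helpers are constructed for the demonstration, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added illustration; subject names and file names are constructed for the demo.

# Create a throwaway CA, a server certificate signed by it, and an unrelated CA.
make_demo_pki() {
    dir=$1
    # Self-signed CA certificate: the signer certificate a client must hold.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    # Server key pair and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=objserver.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    # The CA signs the request, producing the server certificate.
    openssl x509 -req -in "$dir/srv.csr" -days 1 -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/srv.crt" 2>/dev/null &&
    # A second CA that never signed the server certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$dir/other.key" -out "$dir/other.crt" 2>/dev/null
}

# Client-side decision: succeed only if the server certificate ($2)
# carries a valid signature from the CA certificate the client trusts ($1).
client_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
for ca in ca.crt other.crt; do
    if client_accepts "$demo_dir/$ca" "$demo_dir/srv.crt"; then
        echo "client trusting $ca: accept connection"
    else
        echo "client trusting $ca: reject connection"
    fi
done
```

A client that holds only the unrelated CA certificate cannot verify the signature on the server certificate, so it has no basis for trusting the server's public key.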

Server certificates can be generated for ObjectServers, process agents, proxy servers, and probes listening on bidirectional command ports.

Certificates serve two purposes:
  • They provide authenticated proof to a client that the server that it connects to is owned by the company or individual that installed the certificate.
  • They contain the public key that the client uses to establish an encrypted connection to the server.

In FIPS 140-2 mode, all encryption and key generation functions that are required for the secured SSL connections are provided by FIPS 140-2 approved cryptographic providers.