If you are using SSL ports and unencrypted ports on your
host computer, create an interfaces file for your remote client computers
that uses SSL ports. Distribute this interfaces file to remote client
computers, instead of using the interfaces file that is generated
on the server host computer.
In a failover pair, clients identify both ObjectServers by using the same server name. This
name must be the common name of the server when using the SSL port to connect.For more
information about the example script (which is shipped with the installation) that demonstrates how
the ObjectServer's certificate can be created and shared with clients, see Example keystores.
- Define a certificate with any common name, for example,
NCOMS
. Make a
note of this value because you will need it later.
- Configure the ObjectServer to use the new
certificate.
In a failover pair, clients identify both ObjectServers by using the same server common name.
This name must be the common name of the server when using the SSL port to connect.
- Configure gateways:
For the unidirectional gateway, use the
Gate.Reader.CommonNames and Gate.Writer.CommonNames
properties to specify acceptable common names for the primary and backup ObjectServers.
For
the bidirectional gateway, use the Gate.ObjectServerA.CommonNames and
Gate.ObjectServerB.CommonNames properties.
The following example shows sample configuration of the common name for a
unidirectional
gateway:
Gate.Reader.Server: 'PSERV'
Gate.Reader.CommonNames: 'NCOMS'
Gate.Writer.Server: 'BSERV'
Gate.Writer.CommonNames: 'NCOMS'
In
this example, it is not possible to connect by specifying PSERV or BSERV. To make the connection,
specify the virtual name NCOMS.
- Configure probes: If a probe is connecting to an ObjectServer using SSL, and the
CommonName field of the received certificate does not match the name specified
by the server property, use the SSLServerCommonName property to specify a
comma-separated list of acceptable SSL common names (the default is to use the server
property).
SSLServerCommonName: 'NCOMS'
- Configure clients: If an event list client is connecting to an
ObjectServer using SSL, and the CommonName field of the received certificate
does not match the name specified by the server property, complete the following steps depending on
your operating system:
- UNIX: Before running the event list, specify the NCO_SSL_COMMONNAME
environment variable as a comma-separated list of acceptable SSL common names (the default is to use
the server property).
- Windows: Before running the event list, create a new string value, named
NCO_SSL_COMMONNAME, under the
HKEY_CURRENT_USER\Software\Micromuse\OMNIbus\CurrentVersion\Desktop
Settings\NCOEvent registry key. Set the value to a comma-separated list of acceptable
common names.