Using NIM to install clients configured with SSL authentication
NIM can be used to install machines in an RS/6000® environment configured for SSL authentication.
Clients configured for SSL authentication must use the NIM Service Handler (NIMSH) for handling NIM master push operations. For more information about NIMSH, see Using the NIM service handler for client communication.
You can install and configure the OpenSSL cryptographic software using the NIM command options. Scripts are provided for configuring OpenSSL in the NIM environment, and you can use these without any modifications. The scripts are installed as part of the bos.sysmgt.nim.client fileset and located in the /usr/samples/nim/ssl directory. The scripts are used to define SSL keys and certificates for NIM SSL usage.
- /ssl_nimsh
- SSL parent directory for NIM
- /ssl_nimsh/configs
- Contains scripts used to configure SSL in NIM
- /ssl_nimsh/certs
- Contains SSL certificates used during host authentication
- /ssl_nimsh/keys
- Contains SSL keys used during SSL protocol communication
- SSL_root.cnf
- Generates Certificate Authority key for signing certificates
- SSL_server.cnf
- Generates the NIM master's certificate for distributing to clients
- SSL_client.cnf
- Generates the NIM master's local certificate for authenticating
For more information on installing and configuring OpenSSL in NIM, see the nimconfig command and nimclient command.