Security may be turned on or off per web service instance. To activate security, please follow this guide. Please open the web user interface of tia Web Service and click on the gear symbol in the Actions column of the web service instance you wish to activate security for. This will open the configuration of the instance.
Please switch to the Security tab and tick the checkbox of the option UseSecurity. Three types of security are supported.
Signing an application’s name

Three fields should be configured in order to verify that the application name is signed.
You may configure a keystore which consists of one or many certificates (with public keys). When a seckey is received by an instance, the seckey’s signature will be verified against the alias configured in the web service instance’s configuration. After enabling the UseSecurity setting and configuring a keystore alias, the signature of the application’s name will be verified using the public key mapped to that alias in the specified keystore.
Using a certificate

The option Certificate within the Security tab (Main → tia Web Service → gear symbol in the Actions column of the instance) allows you to use different types of certificates. Currently you may choose from the following types.
It’s also possible to send certificates to every web service instance with configured security by clicking the Send Certificates button at the bottom of the instance overview.

Configuring permission for Content Server operations

A web service instance may be configured to allow certain or all operations. The following operations are possible.
You may find these options by opening the web user interface → Main → tia Web Service → gear symbol in the Actions column of the instance → Security tab.
Importing a certificate with Public Key

In order to import a certificate with a public key, which will be used for verification, please follow this guide. Open the web user interface of the Web Service and go to Main → tia Web Service. Please make sure that the Public Keystore Path, the PublicKeystore Password and the PublicStoreAlias have been configured. Next to the Web Service instance, please click on the Import icon, which will open a dialog. In this dialog you’ll have to enter the alias and locate the certificate by clicking the browse button. After both have been set, please click on the Import button. If the alias already exists or the certificate is not a valid certificate with a public key, an error will be generated.
Generating a Certificate Send Request (CSR)

This allows an instance to generate a certificate send request (CSR) in a specified folder, to be signed by the authorized authority (e.g. a CA). In order to use this feature, please make sure that the following parameters have been configured in the instance.
This will generate a CSR file using the name of the instance. For example, if the instance name is “Cortex”, the CSR file will be “Cortex.csr”. It is expected that the CSR file will be signed by the appropriate authority and that a CER file will later be sent back. Once the CER file has been received, please import the CER into the public keystore by following the steps mentioned in 6.4.

Overriding Common Name

Usually an instance may use a certificate only if the common name (CN) consists of the application name itself. For example, if the application “Cortex” is to use a certificate which has the common name “test.kgs-software.net”, the request will not succeed. However, if the parameter “CNOverride” is configured to use “test”, the request will succeed, as the application “Cortex” is then allowed to use the certificate with the common name “test”. The PublicStoreAlias should also be configured with the correct alias.

Generating Signed Keys

We have developed a command-line tool to generate signed text based on the input given by the user, which is usually the application name. However, it is also possible to generate the signed text from the GUI of the Framework. The option is located at “Main -> KGS Web Service -> Generate SecKeys” as shown below.
After you click this option, a CSV file will be generated consisting of the application/instance names along with the signed texts (security keys). The prerequisites for using this option are as follows.