Skip to main content

This CGIT instance is deprecated, and repositories have been moved to Gitlab or Github. See the repository descriptions for specific locations.

summaryrefslogtreecommitdiffstats
path: root/rse/doc/org.eclipse.rse.doc.user/tasks/tworkssl.html
diff options
context:
space:
mode:
Diffstat (limited to 'rse/doc/org.eclipse.rse.doc.user/tasks/tworkssl.html')
-rw-r--r--rse/doc/org.eclipse.rse.doc.user/tasks/tworkssl.html88
1 files changed, 0 insertions, 88 deletions
diff --git a/rse/doc/org.eclipse.rse.doc.user/tasks/tworkssl.html b/rse/doc/org.eclipse.rse.doc.user/tasks/tworkssl.html
deleted file mode 100644
index bb6661380..000000000
--- a/rse/doc/org.eclipse.rse.doc.user/tasks/tworkssl.html
+++ /dev/null
@@ -1,88 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<meta name="copyright" content="Copyright (c) IBM Corporation 2007. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page." />
-<link rel="stylesheet" type="text/css" href="../book.css" />
-<title> Working with SSL </title>
-</head>
-<body>
-<h1>Working with SSL</h1>
-<h2>SSL Overview</h2>
-<p>
-Secure-Sockets Layer (SSL) is a communications facility that encrypts all communications
-between a client and a target system. The DStore communications protocol in RSE supports SSL.
-</p>
-<p>
-SSL achieves its security by using <em>certificates</em> to authenticate each side of a
-connection made between two parties. The certificates allow for the certain identification of those
-parties and for the negotiation of an encrypted channel for communication. The certificates
-themselves are files whose alteration can be easily detected and whose origin is verified by a
-trusted <em>certificate authority</em>.
-</p>
-<p>
-Web browsers use SSL and request SSL certificates from their servers to communicate with
-on-line stores, banks, and other service providers. These are the same kind of certificates, but are
-used for a different purpose. A web browser will typically be verifying the identity of the server
-and will be contacting a certificate authority to do so. RSE users, on the other hand, will
-typically trust the target system to provide certificates to client systems so that the
-communications can be encrypted.
-</p>
-<h2>Using SSL</h2>
-<p>
-Certificates are usually manufactured by a service provider (such as a target system) in concert
-with a certificate authority. The authority can be any entity that the target system trusts including
-itself. Certificates are delivered to a client system by the target system when the two are negotiating
-an SSL connection. When starting a connection to a server, DStore first attempts an SSL connection
-and then falls back to non-SSL if the SSL one fails. As a client, you don't need to be concerned
-with the handling of certificates at all, but you can use the RSE SSL preferences
-page to manage all your certificates that you have received from the target systems you have
-connected to in the past.
-</p>
-<p>
-You reach the RSE preferences page by opening the <code>Preferences</code> for the workbench,
-expanding the <code>Remote Systems</code> category and selecting the <code>SSL</code> subcategory.
-There you will see operations that allow you to add certificates, rename them to make them easier to
-manage, remove them once they have expired, and view their contents. You would typically see one
-certificate for each target system that you have connected to using SSL.
-</p>
-<h2>Setting Up The Server</h2>
-<p>
-You set up the DStore server to use SSL by editing the <code>ssl.properties</code> file in the
-server location. This server names the keystore and its password used for holding certificates
-generated using the <code>keytool</code> utility from the Java SDK.
-These certificates are then given to the client during SSL
-startup so that communications can be encrypted.
-</p>
-<p>
-The keystore file referenced by <code>ssl.properties</code> can contain several entries but only one is
-used when a client connects. The entries in the keystore may themselves have passwords, but dstore assumes
-that these are all the same as the keystore password. It makes sense, therefore, to maintain only
-one keystore for the dstore server, that it have only one entry, and that it exist in the same
-directory as the dstore server. That entry can be a self-signed certificate.
-</p>
-<p>
-The following command will create a keystore and add a single self-signed certificate to it.
-</p>
-<pre><code>
-keytool -genkey -keystore keystore_file -alias entry_name -storepass d98kMn50sV
- -dname "CN=dstore server, OU=division, O=company, L=city, ST=state, C=country"
-</code></pre>
-<p>
-The command would be entered on a single line. It appears here on multiple lines for readability.
-</p>
-<p>
-After entering this command you will be prompted to supply a password for the entry itself.
-You should press enter to take the default which is the keystore password.
-</p>
-<p>
-One would then edit the ssl.properties file to use this as follows:
-</p>
-<pre><code>
-daemon_keystore_file=keystore_file
-daemon_keystore_password=d98kMn50sV
-</code></pre>
-</body>
-</html>

Back to the top