Configuring full SSL support for internetwork dependencies

About this task

The network agent that resolves internetwork dependencies requires a particular setup for full SSL support.

To enable a network agent for full SSL support:
  1. Configure both the hosting and the remote fault-tolerant agents for full SSL support.
  2. On the hosting fault-tolerant agent copy or move the netmth.opts file from the DATA_DIR/config to the DATA_DIR/methods directories and add (and configure) the following options:
    SSL remote CPU
    The workstation name of the remote master or fault-tolerant agent.
    SSL remote full port
    The port number defined for full SSL support on the remote master or fault-tolerant agent.
    The local options that specify the private key and certificate on the hosting fault-tolerant agent
    These are documented in the Setting local options).
    Note that if the hosting fault-tolerant agent hosts more than one network agent, the DATA_DIR/methods directory contains one netmth.opts file for every defined network agent. In this case the complete name of each netmth.opts file must become: 
    network-agent-name_netmth.opts
    If the DATA_DIR/methods directory contains both network-agent-name_netmth.opts and netmth.opts files, only network-agent-name_netmth.opts is used. If multiple agents are defined and the directory contains only netmth.opts, this file is used for all the network agents.
The following example adds full SSL support to the example described in A sample network agent definition:
  • This is the workstation definition for the NETAGT network agent: 
    CPUNAME NETAGT
 DESCRIPTION "NETWORK AGENT"
 OS OTHER
 NODE MASTERA.ROME.ITALY.COM 
 TCPADDR 31117 
 FOR maestro 
  HOST MASTERB
  ACCESS NETMTH
END
  • These are the full SSL security options in the netmeth.opts file of NETAGT: 
    ######################################################
# Remote cpu parameters
######################################################

SSL remote full port = 31119
SSL remote CPU = MASTERA

######################################################
# Configuration Certificate
######################################################

SSL key                 ="C:\TWS\installations\SSL\XA.key"
SSL certificate         ="C:\TWS\installations\SSL\XA.crt"
SSL CA certificate      ="C:\TWS\installations\SSL\VeriSte.crt"
SSL key pwd             ="C:\TWS\installations\SSL\XA.sth"
SSL certificate chain   ="C:\TWS\installations\SSL\TWSCertificateChain.crt"
SSL random seed         ="C:\TWS\installations\SSL\random_file.rnd"
SSL auth mode           =cpu
SSL auth string        =tws
    Note: The SSL configuration certificate options must refer to the private key and certificate defined on the hosting fault-tolerant agent.
  • This is the workstation definition for MASTERA (the remote workstation): 
    CPUNAME MASTERA
  OS WNT
  NODE 9.168.68.55 TCPADDR 31117
  SECUREADDR 31119 
  DOMAIN NTWKA
  FOR MAESTRO
    TYPE MANAGER
    AUTOLINK ON
    BEHINDFIREWALL OFF
    SECURITYLEVEL enabled
    FULLSTATUS ON
    SERVER H
END