Setting up full SSL security
About this task
To set full SSL connection security for your network, you must, in addition to
all the steps described above (in Connection security overview), configure the
following options:
- enSSLFullConnection (or sf) - Use optman on the master domain manager to set this global option to Yes to enable full SSL support for the network. For more information, see Setting global options.
- nm SSL full port - If you defined the SSL port at installation time using the netmansslport parameter, no further action is required. For more information about the netmansslport parameter, see Agent installation parameters - twsinst script and Master components installation - serverinst script.
  If you have not defined the SSL port at installation time, edit the localopts file on every agent of the network (including the master domain manager) to set this local option to the port number used to listen for incoming SSL connections. For more information, see Setting local options. Take note of the following:
  - This port number is to be defined also for the SECUREADDR parameter in the workstation definition of the agent.
  - In a full SSL security setup, the nm SSL port local option is to be set to zero.
  - You must stop netman (conman shut;wait) and restart it (StartUp) after making the changes in localopts.
  - Check that the securitylevel parameter in the workstation definition of each workstation using SSL is set at least to enabled.
Other than the changed value for secureaddr, no other changes are required in the workstation definitions to set up this feature.
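The checks listed above can be automated per agent. The following is an added example, not part of the product or its documentation. It assumes that localopts holds `name = value` lines with `#` comments, that workstation definitions list `KEYWORD value` pairs, and that `enabled`, `on` and `force` are the values that count as "at least enabled"; the function names and sample data are constructed for illustration.

```python
import re

ACCEPTED_LEVELS = {"enabled", "on", "force"}  # assumed "at least enabled" values

def parse_localopts(text):
    """Parse 'name = value' lines; '#' starts a comment (assumed format)."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            opts[" ".join(name.lower().split())] = value.strip()
    return opts

def port(opts, name):
    """Port number for an option; missing means 0, non-numeric means -1."""
    value = opts.get(name, "0")
    return int(value) if value.isdigit() else -1

def workstation_keyword(definition, keyword):
    """Value that follows KEYWORD in a workstation definition, or None."""
    m = re.search(rf"^\s*{keyword}\s+(\S+)", definition, re.I | re.M)
    return m.group(1) if m else None

def audit_full_ssl(localopts_text, workstation_text):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_localopts(localopts_text)
    full_port = port(opts, "nm ssl full port")
    findings = []
    if full_port <= 0:
        findings.append("nm SSL full port is not set to a listening port")
    if port(opts, "nm ssl port") != 0:
        findings.append("nm SSL port must be 0 in a full SSL setup")
    if workstation_keyword(workstation_text, "SECUREADDR") != str(full_port):
        findings.append("SECUREADDR does not match nm SSL full port")
    level = workstation_keyword(workstation_text, "SECURITYLEVEL") or ""
    if level.lower() not in ACCEPTED_LEVELS:
        findings.append("securitylevel is not at least enabled")
    return findings

# Constructed sample inputs, not taken from a real installation.
SAMPLE_LOCALOPTS = """nm SSL port = 31113   # left over from an earlier SSL setup
nm SSL full port = 31113
"""
SAMPLE_WORKSTATION = """CPUNAME AGENT1
  SECUREADDR 31114
  SECURITYLEVEL ENABLED
"""
print(audit_full_ssl(SAMPLE_LOCALOPTS, SAMPLE_WORKSTATION))
```

The sample reports two findings: a nonzero nm SSL port and a SECUREADDR that differs from nm SSL full port.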