HP NonStop SSL Reference Manual Installation • 29
Installing an SSL Tunnel for EXPAND-over-IP Lines
Creating an SSL tunnel for an EXPAND-over-IP line requires running an HP NonStop SSL process in EXPANDS mode
for the line handler on both sides of the connection. The configuration of the HP NonStop SSL processes can be easily
derived from the existing line handler configuration of the EXPAND-over-IP line. To enable the tunneling, only a single line
handler attribute needs to be changed.
To install an SSL tunnel process for an EXPAND-over-IP line handler, you will need to perform the following steps on
both NonStop servers connected by the line:
1. Install an HP NonStop SSL EXPAND proxy (EXPANDS) process for the EXPAND line.
2. Reconfigure your EXPAND line configuration to activate the SSL tunnel for the EXPAND line.
Note: This section lists the basic installation instructions. For a production installation, please refer to "Load Balancing
and Fault-Tolerance of EXPAND over SSL" in chapter "Configuration".
To install the HP NonStop SSL EXPANDS proxy
1. Determine the name of the EXPAND-over-IP line handler you want to secure.
2. At your TACL prompt, run the HP NonStop SSL SETUP macro:
> VOLUME $SYSTEM.ZNSSSL
> RUN SETUP
Enter the name of the line handler when requested.
The SETUP macro will create a configuration file (e.g. EXPSCF0) and an SCF IN file for the installation as a
persistent process (e.g. EXPSIN0).
3. Start the HP NonStop SSL EXPANDS persistent process, e.g.
> SCF START PROCESS $ZZKRN.#SSL-EXPANDS-0
4. Check the log file (configured in the configuration file) to verify the EXPANDS process has started correctly,
e.g.
> SHOWLOG EXPSLOG *
Verify that the log contains a message of the following pattern:
$EXPS1|19May10 17:48:47.04|20|EXPAND proxy started (10.0.0.196:1280 <- 10.0.0.198:1280)
Note: These steps need to be performed on both systems connected over the EXPAND-over-IP line.
To activate the SSL tunnel for the EXPAND line
5. Using SCF, alter the configuration of the EXPAND line as follows:
> ASSUME LINE <line>
> ABORT
> ALTER, DESTIPADDR 127.0.0.1
> START
6. After the tunnel is properly configured on both sides, the HP NonStop SSL log file should contain messages of
the following pattern:
$EXPS |27Apr05 12:31:41.01|50|E1| tunnel connect succeeded, tunnel ready
or
$EXPS |27Apr05 12:37:26.78|50|E1| accepted tunnel connection, tunnel ready
The EXPAND line should then show the "READY" state.
Note: Again, this change to the SCF configuration has to be made on both systems.
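Added example (not part of the HP manual or the product): a small Python check that reads the log text of both nodes, copied off-platform, and confirms that each side logged "EXPAND proxy started" followed by a "tunnel ready" message, treating a later proxy restart as invalidating an earlier "tunnel ready". The function names and the sample log lines are constructed for illustration; the script assumes the log lines are in time order and does not interpret the numeric third field.

```python
import re
from datetime import datetime

# Constructed sample logs (not from a real system), in the patterns shown above.
NODE_A_LOG = """\
$EXPS1|19May10 17:48:47.04|20|EXPAND proxy started (10.0.0.196:1280 <- 10.0.0.198:1280)
$EXPS1|19May10 17:49:02.11|50|E1| tunnel connect succeeded, tunnel ready
"""
NODE_B_LOG = """\
$EXPS1|19May10 17:48:50.30|20|EXPAND proxy started (10.0.0.198:1280 <- 10.0.0.196:1280)
$EXPS1|19May10 17:49:02.15|50|E1| accepted tunnel connection, tunnel ready
$EXPS1|19May10 18:05:10.00|20|EXPAND proxy started (10.0.0.198:1280 <- 10.0.0.196:1280)
"""

# process | timestamp | numeric field | optional tag such as "E1" | message
LINE = re.compile(
    r"^(?P<proc>\$\w+)\s*\|(?P<ts>[^|]+)\|(?P<num>\d+)\|(?:\s*(?P<tag>\w+)\|)?\s*(?P<msg>.*)$"
)

def tunnel_status(log_text):
    """Return (state, since) for one node's log, assumed to be in time order."""
    started = ready = None
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the pipe-delimited pattern
        ts = datetime.strptime(m["ts"].strip(), "%d%b%y %H:%M:%S.%f")
        if m["msg"].startswith("EXPAND proxy started"):
            # A (re)start invalidates any "tunnel ready" logged before it.
            started, ready = ts, None
        elif m["msg"].endswith("tunnel ready") and started is not None:
            ready = ts
    if started is None:
        return ("proxy-not-started", None)
    if ready is None:
        return ("started-no-tunnel", started)
    return ("tunnel-ready", ready)

def line_secured(log_a, log_b):
    """True only when both ends of the line report a ready tunnel."""
    return all(tunnel_status(log)[0] == "tunnel-ready" for log in (log_a, log_b))

if __name__ == "__main__":
    for name, log in (("node A", NODE_A_LOG), ("node B", NODE_B_LOG)):
        print(name, tunnel_status(log))
    print("line secured on both ends:", line_secured(NODE_A_LOG, NODE_B_LOG))
```

In the constructed sample, node B restarted its proxy after the tunnel came up, so the check reports the line as not secured until a new "tunnel ready" message appears on that side.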