Configuring Security for the Administrative Domain
Oracle Secure Backup Installation and Configuration Guide
■ Disable SSL for inter-host authentication and communication by setting the
securecomms security policy
■ Transmit identity certificates in manual certificate provisioning mode
■ Set the key size for a host to a value greater or less than the default of 1024 bits
■ Enable encryption for backup data in transit by setting the
encryptdataintransit security policy
Configuring Security for the Administrative Domain
This section describes how to configure security for the administrative domain.
This section contains these topics:
■ Providing Certificates for Hosts in the Administrative Domain
■ Setting the Size for Public and Private Keys
■ Enabling and Disabling SSL for Host Authentication and Communication
Providing Certificates for Hosts in the Administrative Domain
Providing a certificate for each host in the Oracle Secure Backup administrative
domain requires that you first configure the administrative server and then configure
each media server and client.
Configuring the Administrative Server
If you install Oracle Secure Backup on a host and specify this host as the
administrative server, then this server is the Certification Authority (CA) for the
Oracle Secure Backup administrative domain. Oracle Secure Backup configures the
host as the CA automatically as part of the standard installation. You are not required
to take additional steps to provide a signing certificate for this server.
Oracle Secure Backup automatically creates the following items:
■ A host object corresponding to the administrative server in the object repository
on the administrative server.
■ A wallet to contain the administrative server's certificates. The wallet resides in
the directory tree of the Oracle Secure Backup home. Oracle Secure Backup uses
the host ID as the wallet password.
■ A request for a signing certificate in the wallet.
■ A signed certificate in response to the request, which it stores in the
wallet.
■ A request for an identity certificate in the wallet.
■ A signed certificate in response to the request, which it stores in the wallet.
■ An obfuscated wallet in the local wallet directory.
The administrative server now has the signing certificate, which it must have to sign
the identity certificates for other hosts, and its identity certificate, which it must have
to establish authenticated Secure Sockets Layer (SSL) connections with other hosts in
the domain.
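The sequence above (signing certificate first, then an identity certificate signed by it) can be modelled with OpenSSL to see what each artifact is for. This is an added illustration, not Oracle Secure Backup's own code or wallet format; the file names, subject names and the 2048-bit key size are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration: the CA bootstrap sequence described above, modelled
# with OpenSSL. Oracle Secure Backup performs these steps itself using its
# own wallet; file names, subject names and key size here are assumptions.
set -eu

KEY_BITS=2048   # assumption; the guide gives 1024 bits as the OSB default

# Signing key pair plus self-signed signing (CA) certificate.
make_signing_cert() {   # $1 = working directory
  openssl req -x509 -newkey "rsa:$KEY_BITS" -nodes -days 365 \
    -subj "/CN=example-admin-server signing" \
    -keyout "$1/signing.key" -out "$1/signing.crt" 2>/dev/null
}

# Identity certificate request, then the signed response from the CA.
make_identity_cert() {  # $1 = working directory, $2 = host name
  openssl req -new -newkey "rsa:$KEY_BITS" -nodes -subj "/CN=$2" \
    -keyout "$1/identity.key" -out "$1/identity.csr" 2>/dev/null
  openssl x509 -req -in "$1/identity.csr" -days 365 \
    -CA "$1/signing.crt" -CAkey "$1/signing.key" -CAcreateserial \
    -out "$1/identity.crt" 2>/dev/null
}

# Succeeds only if the identity certificate chains to the signing certificate.
chain_ok() {            # $1 = working directory
  openssl verify -CAfile "$1/signing.crt" "$1/identity.crt" >/dev/null 2>&1
}

# Prints the public key size of a certificate, for auditing key length.
cert_key_bits() {       # $1 = certificate file
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

work=$(mktemp -d)
make_signing_cert "$work"
make_identity_cert "$work" "example-admin-server"
chain_ok "$work" && echo "identity certificate chains to the signing certificate"
echo "identity key size: $(cert_key_bits "$work/identity.crt") bits"

# A signing certificate from a different domain must not validate this host.
other=$(mktemp -d)
make_signing_cert "$other"
cp "$other/signing.crt" "$work/signing.crt"
chain_ok "$work" || echo "rejected: identity certificate not issued by this CA"
rm -rf "$work" "$other"
```

The last check shows why every host needs an identity certificate signed by the domain's own signing certificate: a certificate issued under any other signing key fails verification.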