Veritas Access Solutions Guide for Software-Defined Storage (SDS) Management Platform
Certificate-based client authentication
The SDS Management Platform supports HTTP SSL certificate-based client authentication. If enabled, it is activated on an additional port in the web server (default: 50444), and clients must provide a valid certificate that is accepted by the web server.
You can configure certificate-based client authentication using the following settings:

| Settings | Description |
|---|---|
| enableHttpSslCert | Enables HTTP SSL certificate-based authentication for the web server. If enabled, certificate-based authentication is activated on the configured httpSslCertPort. |
| httpSslCertPort | Secure (SSL) HTTP port for certificate-based authentication to the web interface. Default: 50444 |
| httpTrustStore | SSL TrustStore used by the web server, for example for certificate-based client authentication (see the enableHttpSslCert setting). Default: |
| httpTrustStorePassword | SSL TrustStore password used by the web server. |
| httpKeyStore | SSL KeyStore used by the web server. Default: |
| httpKeyStorePassword | SSL KeyStore password used by the web server. |
By default, the SDS Management Platform ships an empty TrustStore. To establish trust, a valid CA certificate must be added to the TrustStore; alternatively, an existing trust store can be used.
Note:
Certificate-based authentication can only be activated if the configured TrustStore contains at least one valid certificate. According to the protocol, clients require a certificate that is signed by a trusted CA.
To import a public CA key into an existing TrustStore, you can use the following command:
keytool -import -v -trustcacerts -alias my_ca -file ca.crt -keystore truststore
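The following is an added example, not part of the Veritas guide: shell helpers that import a CA with the command above and then check the three conditions the note implies before enableHttpSslCert is switched on (the TrustStore is not empty, the CA entry has not expired, and a client certificate actually chains to it). It assumes a JDK keytool and openssl on PATH; the function names, the test CA and the -noprompt/-storepass additions are this example's own choices.

```shell
# Added example, not from the Veritas guide. Assumes JDK keytool and openssl on PATH.
# All file names, aliases and passwords passed in are the caller's placeholders.

# Create a constructed test CA and one client certificate signed by it.
make_test_pki() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/client.crt" 2>/dev/null
}

# The guide's import command, made non-interactive with -noprompt and -storepass.
import_ca() {  # $1 = CA cert, $2 = truststore, $3 = password, $4 = alias
    keytool -import -v -trustcacerts -noprompt -alias "$4" -file "$1" \
        -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Print how many trusted CA entries the TrustStore holds (0 for an empty store).
truststore_ca_count() {  # $1 = truststore, $2 = password
    keytool -J-Duser.language=en -list -keystore "$1" -storepass "$2" 2>/dev/null |
        grep -c 'trustedCertEntry' || true
}

# Succeed only if the entry under the alias exists and has not expired.
ca_is_current() {  # $1 = truststore, $2 = password, $3 = alias
    keytool -exportcert -rfc -alias "$3" -keystore "$1" -storepass "$2" 2>/dev/null |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1
}

# Succeed only if the client certificate verifies against the CA stored under the alias.
client_chains_to_store() {  # $1 = truststore, $2 = password, $3 = alias, $4 = client cert
    ca_pem=$(mktemp) || return 1
    if keytool -exportcert -rfc -alias "$3" -keystore "$1" -storepass "$2" \
            >"$ca_pem" 2>/dev/null &&
        openssl verify -CAfile "$ca_pem" "$4" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$ca_pem"
    return "$rc"
}
```

keytool also accepts -storepass:env and -storepass:file, which keep the TrustStore password off the command line and out of the process list.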