Upload
larissa-peterson
View
35
Download
5
Embed Size (px)
DESCRIPTION
`. IIPS Conference 2005 SSL for Colleague UI. Overview of UI telnet Connections. Datatel’s Colleague UI Desktop Unsecure telnet – Port 23 Secure Sockets Layer telnet – Port 992. SSL Certificates. Certificates Identifies the server Server has the private key to match public key - PowerPoint PPT Presentation
Citation preview
`̀
IIPS Conference 2005IIPS Conference 2005
SSL for Colleague UISSL for Colleague UI
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
Overview of UI telnet ConnectionsOverview of UI telnet Connections
Datatel’s Colleague UI DesktopDatatel’s Colleague UI Desktop
– Unsecure telnet – Port 23Unsecure telnet – Port 23
– Secure Sockets Layer telnet – Port 992Secure Sockets Layer telnet – Port 992
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
SSL CertificatesSSL Certificates
CertificatesCertificates– Identifies the serverIdentifies the server
Server has the private key to match public keyServer has the private key to match public key
– Provides a cipher for packet encryptionProvides a cipher for packet encryption User requests a connectionUser requests a connection Server responds with a public keyServer responds with a public key Once there is agreement the server uses the Once there is agreement the server uses the
certificate’s cipher to encrypt the data packetscertificate’s cipher to encrypt the data packets
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
SSL CertificatesSSL Certificates
Where are SSL Certificates stored for Where are SSL Certificates stored for Unidata?Unidata?– Unidata provides the ssltelnet daemonUnidata provides the ssltelnet daemon– These locations:These locations:
/opt/SSL/certs/opt/SSL/certs /datatel/release/LIVE17/INSTALL/.bsrcfile/datatel/release/LIVE17/INSTALL/.bsrcfile /datatel/release/LIVE17/INSTALL/_SECUTX_/datatel/release/LIVE17/INSTALL/_SECUTX_
What about securing the certificates?What about securing the certificates?– Yes. Especially the private keysYes. Especially the private keys– Where are they and how do I protect them?Where are they and how do I protect them?
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
Obtaining a Signed CertificateObtaining a Signed Certificate
Create a Certificate RequestCreate a Certificate Request– Follow setup procedures in documentFollow setup procedures in document
Submit a Certificate RequestSubmit a Certificate Request– Use NCCCS Certificate AuthorityUse NCCCS Certificate Authority
Install Signed CertificateInstall Signed Certificate– Your signed certificate is returned with the Your signed certificate is returned with the
NCCCS Intermediate CertificateNCCCS Intermediate Certificate– Install signed certificate into UnidataInstall signed certificate into Unidata
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
Submitting a Certificate RequestSubmitting a Certificate Request
NCCCS WebsiteNCCCS Website– Faculty and StaffFaculty and Staff
Administrative ResourcesAdministrative Resources
– SystemsSystems
NCCCS Root CertificatesNCCCS Root Certificates
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
Installing NCCCS Root CertificateInstalling NCCCS Root Certificate
Refer to NCCCS Systems Sub-WebRefer to NCCCS Systems Sub-Web
– Notify usersNotify users– Continue testingContinue testing
– Steps to Increasing SecuritySteps to Increasing Security Disallow unsecure connectionsDisallow unsecure connections Remove telnet 23 (remember to activate for Remove telnet 23 (remember to activate for
Datatel Installshield use)Datatel Installshield use)
North Carolina Community College System
H. Martin Lancaster, President www.nccommunitycolleges.edu Fifty-eight Institutions Educating and Training a World-Class Workforce
SSL for Colleague UISSL for Colleague UI
Questions ?Questions ?
http://nccommunitycolleges.eduhttp://nccommunitycolleges.edu