7.1 Using SSL in SMDR

SMDR can use SSL and relies on the Novell TLS (NTLS) library for SSL operations.

When SMDR is configured to use SSL, it encrypts the channel, securing the data that is exchanged between servers. For configuration options in SMDR, see Section 7.3, Configuration Options.

SMDR lets you use SSL with or without certificates.

7.1.1 Using SSL without Certificates

When using SSL without certificates, SMDR uses cipher suites based on the anonymous Diffie-Hellman protocol to exchange session keys. This mechanism provides session security because the data is encrypted across the connections. However, this does not provide server identity authentication because certificates are not used to validate server identity.

7.1.2 Using SSL with Certificates

When SMDR is configured to use SSL with certificates, it can authenticate the server identity and secure data on the network. The server’s certificate that is exchanged during the SSL channel establishment provides server authentication.

Certificate Types

SMDR supports PEM (Privacy Enhanced Mail) encoded or DER (Distinguished Encoding Rules) encoded certificates. Certificates in other formats must be converted to either PEM or DER format in order to be used with SMDR.

PEM and DER are used by OpenSSL to represent public and private keys and signatures for X.509-compliant certificates. The DER format is a binary encoding of a digital certificate. The PEM format is the DER data Base64-encoded, with additional header and footer lines.

7.1.3 Password-Encrypted Private Key Files

Private keys stored on servers are typically encrypted using passwords. SMDR supports SSL private key files that are encrypted using this method.

If the private key file is password-encrypted, SMDR loads and displays a screen to accept the password. Enter the password at the prompt to continue loading SMDR.
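The following added example (not part of the SMDR documentation or product) illustrates the Certificate Types and Password-Encrypted Private Key Files sections. It classifies a file as PEM, password-encrypted PEM key, or DER before it is handed to SMDR, and converts between the two encodings. It checks only the outer framing, not the full X.509 structure, and all function names and sample bytes are constructed for illustration.

```python
import base64
import re

# One PEM block: header line, body, matching footer line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def der_framing_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Return 'pem', 'pem-encrypted-key', 'der' or 'unsupported'."""
    m = PEM_BLOCK.search(data)
    if m:
        label, body = m.group(1), m.group(2)
        if label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
            return "pem-encrypted-key"    # loading this key will need the password
        return "pem"
    return "der" if der_framing_ok(data) else "unsupported"

def pem_to_der(data: bytes) -> bytes:
    """Drop the header/footer lines and Base64-decode the first PEM block."""
    m = PEM_BLOCK.search(data)
    if not m:
        raise ValueError("no PEM block found")
    # Lines containing ':' are RFC 1421 style headers, never Base64 data.
    lines = [l.strip() for l in m.group(2).splitlines() if b":" not in l]
    return base64.b64decode(b"".join(lines))

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Base64-encode DER bytes in 64-character lines between header and footer."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tag = label.encode()
    return b"-----BEGIN %s-----\n" % tag + b"\n".join(lines) + b"\n-----END %s-----\n" % tag

# Constructed sample: a 300-byte DER SEQUENCE of NULL elements, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x28" + b"\x05\x00" * 148
SAMPLE_PEM = der_to_pem(SAMPLE_DER)
```

A file reported as unsupported (for example a PKCS#12 bundle) must be converted to PEM or DER first. A password-encrypted key stored in DER form is reported as plain der, because detecting it requires parsing the inner structure.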