Configuring RSA Authentication

RSA authentication requires a set of private and public keys with an alias that functions as a user name.

RSA authentication uses public and private keys instead of passwords to authenticate with the ESP Server to create a secure login system. Each key has an alias that functions as a user name for login. When users connect to the cluster manager, they provide – either through Studio prompts or a command argument – a key alias, a keystore that contains a private key, and a password for the keystore. To sign a message you must have a private key, and you must also provide the corresponding public key to the server.

The server uses the user name or certificate alias to get the public key from its keystore. The public key verifies the signed message that was sent by the client/user. Your public key must be deployed in the server.

Configuring ESP for RSA authentication requires that you configure both the server to add an RSA authentication provider, and the client to create a keystore and generate keys.

Configuring the Server for RSA
To configure the server for RSA authentication, modify the node1.xml and csi_rsa.xml files.
Configuring a New Alias for Client RSA Authentication
Use the Java keytool utility to create public and private keys for RSA authentication, then add the public key and RSA alias to the cluster’s keystore.

Parent topic: Authentication