Creating the Certificates Directory, Enabling SSL, and Verifying the Log Files

Learn the steps to create the certificates directory, enable SSL, and verify the log files.

Note: In this task, the DirectConnect server name and service name must be the same.
  1. Create a directory to hold the certificates:
    mkdir /<install_dir>/DC-15_0/servers/<server name>/certificates
  2. Copy the servicename.crt, servicename.pwd, servicename.txt, srvname.txt, and trusted.txt files into the certificates directory created in the previous step:
    cp <install_dir>/DC-15_0/bin/servicename.* /<install_dir>/DC-15_0/servers/<srvname>/certificates/.
    cp <install_dir>/DC-15_0/bin/srvname.txt /<install_dir>/DC-15_0/servers/<srvname>/certificates/.
    cp <install_dir>/DC-15_0/bin/trusted.txt /<install_dir>/DC-15_0/servers/<srvname>/certificates/.
  3. Verify that the files are copied by listing the contents of the certificates directory:
    prompt% cd /<install_dir>/DC-15_0/servers/<srvname>/certificates
    prompt% ls
    servicename.crt
    servicename.pwd
    servicename.txt
    srvname.txt
    trusted.txt
    Note: The files in the /<install_dir>/DC-15_0/servers/<srvname>/certificates directory include keys and password information. Change the permissions of these files so that they are readable and writable only by the user account that starts the server. To do this, set the files' permissions to 600. Consult your IT security officer for further steps.
  4. To enable the SSL service, edit the server.cfg file:
    • In the SSLServices property, enter the name of the service that will use SSL.

    • Enter yes in the SSLEnabled property:

    cd /<install_dir>/DC-15_0/servers/<srvname>/cfg
    vi server.cfg
    {Client Interaction}
    SSLServices=servicename
    SSLEnabled=yes
  5. Verify that the logging properties are set correctly:
    prompt% cat server.cfg
    {Logging}
    LogWrap=yes
    LogToScreen=yes
    LogOCOSMessages=1
    LogFlush=yes
    LogFileSize=500000
    LogFileName=
    LogClientMessages=1
    LogClientLogin=yes
  6. Append “ssl” to the master and query entries in the interfaces file:
    cd <install_dir>
    vi interfaces
    <server name>
    master tcp ether <machine name> 12510 ssl
    query tcp ether <machine name> 12510 ssl
  7. Start ECDA by entering:
    cd /<install_dir>/DC-15_0/bin
    prompt% DCStart -S<srvname>
  8. Verify that these log file entries exist in /<install_dir>/DC-15_0/servers/<server name>/log/<server name>.log:
    LogHeader	...SSL: Checking for servicename.txt...
    LogHeader	...SSL: Using trusted CA file...
    LogHeader	...SSL: Checking for servicename.crt...
    LogHeader	...SSL: Using certificate file...
    LogHeader	...SSL: Checking for servicename.pwd...
    LogHeader	...SSL: Using certificate password file...
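
The checks from steps 3 and 8 can be scripted. The following is an added example, not part of the product documentation: the function name check_ssl_setup and the scratch fixture are constructed, and it assumes that servicename in the file names and log messages stands for the service name passed as the third argument, while srvname.txt and trusted.txt are used as listed in step 3.

```sh
#!/bin/sh
# Added example: verify certificate files, their mode, and SSL log entries.
# Usage: check_ssl_setup <certificates dir> <server log> <service name>
check_ssl_setup() {
    cert_dir=$1; log_file=$2; svc=$3; rc=0

    # Step 3: the five files from the directory listing must be present.
    for f in "$svc.crt" "$svc.pwd" "$svc.txt" srvname.txt trusted.txt; do
        [ -f "$cert_dir/$f" ] || { echo "MISSING  $cert_dir/$f"; rc=1; }
    done

    # Note in step 3: every file must be mode 600 exactly.
    loose=$(find "$cert_dir" -type f ! -perm 600 2>/dev/null) || true
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/BAD MODE /'
        rc=1
    fi

    # Step 8: each SSL startup message must appear in the server log.
    for msg in \
        "SSL: Checking for $svc.txt" \
        "SSL: Using trusted CA file" \
        "SSL: Checking for $svc.crt" \
        "SSL: Using certificate file" \
        "SSL: Checking for $svc.pwd" \
        "SSL: Using certificate password file"
    do
        grep -F -q -- "$msg" "$log_file" 2>/dev/null ||
            { echo "NO LOG   $msg"; rc=1; }
    done
    return "$rc"
}

# Constructed fixture: a scratch directory standing in for a server tree.
demo=$(mktemp -d)
mkdir "$demo/certificates"
for f in servicename.crt servicename.pwd servicename.txt srvname.txt trusted.txt; do
    : > "$demo/certificates/$f"
done
chmod 600 "$demo/certificates"/*
chmod 644 "$demo/certificates/servicename.pwd"   # deliberately too open
printf 'LogHeader\t...SSL: Checking for servicename.txt...\n' > "$demo/server.log"
check_ssl_setup "$demo/certificates" "$demo/server.log" servicename ||
    echo "SSL setup incomplete"
rm -rf "$demo"
```

The function returns non-zero and prints one line per finding, so it can be run after DCStart as a post-start check against the real certificates directory and server log.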