CCISSF depends on OpenSSL for effective communication. To use CCISSF, you must configure it to use OpenSSL.
If OpenSSL is available on the system when CAICCI initializes, CAICCI uses the OpenSSL libraries to provide service for any secure connections. If OpenSSL is not available, CAICCI follows the behavior defined in the following table:
|
Effective SECURE Values of All Connections |
CAICCI Behavior if OpenSSL Is Not Available |
|---|---|
|
No—Default is No and no remote configuration file entries with SECURE=YES |
Warning message to the Event Log or syslog indicating that OpenSSL is not present at the time of initialization. All inbound connections will be denied if a secure connection request is made. All outbound connections will be made as a non-secure request. |
|
Yes—Default is Yes or at least one remote configuration file with SECURE=YES |
An error message will be issued to the Event Log or syslog indicating the required OpenSSL component is not present and that only non-secure connections will be made. CAICCI will initialize but only connections that are requested to be non-secure will be made. Any connection for which the effective value of Secure is Yes will be disabled. |
Note: SSL connections are currently supported only between CAICCI remote daemons. Communication between hosts that use the QUES layer (transport daemon) cannot use SSL. The QUES implementation is typically used in Windows environments. For those users that want to use CCISSF, you must migrate to the remote daemon implementation.
|
Copyright © 2010 CA.
All rights reserved.
|
|