Setting up full SSL security
About this task
To set full SSL connection security for your network, you must, in addition to all the steps described above in Setting connection security) configure the following options:
- enSSLFullConnection (or sf)
- Use optman on the master domain manager to set this global option to Yes to enable full SSL support for the network.
- nm SSL full port
- Edit the localopts file on every agent of the network (including the master domain manager) to set this local option to the port number used to listen for incoming SSL connections. Take note of the following:
- This port number is to be defined also for the SECUREADDR parameter in the workstation definition of the agent.
- In a full SSL security setup, the nm SSL port local option is to be set to zero.
- You must stop netman (conman shut;wait) and restart it (StartUp) after making the changes in localopts.
- Check that the securitylevel parameter in the workstation definition of each workstation using SSL is set at least to enabled.
Other than the changed value for secureaddr, no other changes are required in the workstation definitions to set up this feature.