Task #5227

closed

Task #3475: Add 2 OrientDB instances

Enable SSL on the orientdb instances

Added by Andrea Dell'Amico over 8 years ago. Updated about 8 years ago.

Status: Closed
Priority: Normal
Category: Application
Start date: Sep 29, 2016
Due date:
% Done: 100%
Estimated time:
Infrastructure: Development


Related issues

Blocks D4Science Infrastructure - VM Creation #6849: Create an OrientDB cluster for production; Closed; _InfraScience Systems Engineer; Feb 02, 2017; Feb 10, 2017

Actions #1

Updated by Andrea Dell'Amico over 8 years ago

  • Status changed from New to In Progress

Actions #2

Updated by Andrea Dell'Amico over 8 years ago

  • % Done changed from 0 to 50

I'm ready to test the configuration that enables SSL. The keystore is already in place and the configuration template has been modified.
@luca.frosini@isti.cnr.it when are you available to test the new settings?

Actions #3

Updated by Andrea Dell'Amico over 8 years ago

  • % Done changed from 50 to 90

The configuration is under test.

Actions #4

Updated by Andrea Dell'Amico about 8 years ago

Actions #5

Updated by Andrea Dell'Amico about 8 years ago

@luca.frosini@isti.cnr.it is it working?

Actions #6

Updated by Luca Frosini about 8 years ago

It works, but you told me that you are not sure that everything is passing along a secure connection.

Actions #7

Updated by Andrea Dell'Amico about 8 years ago

Luca Frosini wrote:

It works, but you told me that you are not sure that everything is passing along a secure connection.

Something needs to go on plain http and we discovered it when we closed the http ports.
But does the clients' traffic go over https?
You can check it easily with tcpdump or even watching the firewall counters:

iptables -nvL reports the traffic for each rule, so if the counters associated with the https ports increase, clients use them.

With tcpdump you can use the command

tcpdump -i any -e -n host <your client IP> to intercept all the traffic from one client. This way you can have a complete scenario. The command must be run on all the orientdb servers.

Actions #8

Updated by Luca Frosini about 8 years ago

tcpdump -i any -e -n host 146.48.122.34

produces the following lines:

18:48:31.432486 Out 00:16:3e:17:af:b0 ethertype IPv4 (0x0800), length 403: 146.48.122.23.2424 > 146.48.122.34.48041: Flags [P.], seq 149364:149699, ack 309239, win 661, options [nop,nop,TS val 2256673866 ecr 4021859881], length 335

Actions #9

Updated by Andrea Dell'Amico about 8 years ago

Port 2424 is the plain http one. So there's something that is not working correctly.
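
The check described in comments #7 to #9, as an added example that is not part of the original thread: a shell function that tallies `tcpdump -n` output per server-side port, so payload on port 2424 (the port the thread identifies as unencrypted) stands out. The function names and the second and third sample lines are constructed, and 2434 as an SSL port is an assumption.

```shell
# Added example. Constructed sample capture: line 1 is the one quoted in the
# thread; lines 2-3 are constructed, and port 2434 is an assumed SSL port.
sample_capture() {
cat <<'EOF'
18:48:31.432486 Out 00:16:3e:17:af:b0 ethertype IPv4 (0x0800), length 403: 146.48.122.23.2424 > 146.48.122.34.48041: Flags [P.], seq 149364:149699, ack 309239, win 661, options [nop,nop,TS val 2256673866 ecr 4021859881], length 335
18:48:31.432790 In 00:16:3e:aa:bb:cc ethertype IPv4 (0x0800), length 68: 146.48.122.34.48041 > 146.48.122.23.2424: Flags [.], ack 149699, win 1444, length 0
18:48:32.101002 Out 00:16:3e:17:af:b0 ethertype IPv4 (0x0800), length 188: 146.48.122.23.2434 > 146.48.122.34.48102: Flags [P.], seq 1:121, ack 1, win 661, length 120
EOF
}

# usage: tcpdump -i any -e -n host <client IP> | port_tally <server IP>
# Prints "<server port> <packets> <payload bytes>" per server-side port.
port_tally() {
    awk -v srv="$1" '
    {
        # Locate the "src > dst:" pair; -e puts a link-level header before it.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        # tcpdump -n writes endpoints as addr.port; keep the server-side port.
        if (index(src, srv ".") == 1)      port = substr(src, length(srv) + 2)
        else if (index(dst, srv ".") == 1) port = substr(dst, length(srv) + 2)
        else next
        pkts[port]++
        # Payload size is the last "length N" after the address pair.
        for (j = NF; j > i + 1; j--)
            if ($(j - 1) == "length") { bytes[port] += $j; break }
    }
    END { for (p in pkts) printf "%s %d %d\n", p, pkts[p], bytes[p] }
    ' | sort -n
}

# usage: ... | uses_port <server IP> <port>
# Succeeds only if packets carrying payload were seen on that server port,
# so bare ACKs or handshakes alone do not count as client traffic.
uses_port() {
    port_tally "$1" | awk -v p="$2" '$1 == p && $3 > 0 { f = 1 } END { exit !f }'
}

if sample_capture | uses_port 146.48.122.23 2424; then
    echo "payload seen on port 2424"
fi
```

As with the tcpdump command in the thread, the capture has to be taken on every OrientDB server for the tally to cover all of one client's traffic.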

Actions #10

Updated by Andrea Dell'Amico about 8 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

The configuration is correct, the documentation says.
