Configuration of Airlock Gateway
Using HTTPS/TLS together with a server certificate for IAM ensures that only IAM can send commands to the Airlock Gateway via the Airlock Gateway Control API, and keeps the data exchanged between Gateway and IAM confidential. IAM ships with a default HTTPS certificate, which must be replaced by a custom certificate: the same private key is included in every IAM installation, so anyone with a copy of the product can use it to impersonate IAM.
HTTPS/TLS with authentication of IAM is configured as follows (requires OpenSSL):
- Create a self-signed certificate:
- Create a key store containing the generated certificate and private key, if not already done:
- To keep all configuration files in the same place, copy the created iam-keystore.p12 into the relevant instance's configuration directory (e.g. instances/auth/iam-keystore.p12).
- Update the instance parameters in instance.properties:
- Restart Airlock IAM.
- Add the self-signed IAM server certificate as BackendSSLServerCA certificate to the IAM back-end group of the Airlock Gateway and enable BackendSSLVerifyHost for this back-end group (for a detailed description of this step see: https://techzone.airlock.com/backend-ssl).
If BackendSSLVerifyHost is set to TRUE in the Airlock Gateway expert settings of the Airlock IAM back-end group, the common name (CN) of the certificate must match the host name of the host running Airlock IAM, i.e. the host name the Gateway uses to connect to the IAM back end. A certificate issued for any other name is rejected and the Gateway cannot reach IAM.
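The certificate and key-store steps above, carried through as an added example (not Airlock's own scripts or documentation). It assumes the IAM host name iam.example.com, the key-store password changeit and a working directory ./iam-tls; all three are placeholders to replace. Besides the CN it also puts the host name into a subjectAltName, which modern TLS clients prefer over the CN, and it finishes with the check the Gateway will effectively perform once BackendSSLVerifyHost is TRUE: verifying the certificate against itself as BackendSSLServerCA for the expected host name, and showing that a different host name fails.

```shell
#!/bin/sh
# Added example, not part of the Airlock documentation.
# Generates a self-signed IAM server certificate, packs it with its private
# key into a PKCS#12 key store (iam-keystore.p12) and checks that the
# certificate passes a host name verification for the IAM host.
# Assumed placeholders: IAM_HOST, WORKDIR and P12_PASS below.

IAM_HOST="${IAM_HOST:-iam.example.com}"   # host name the Gateway connects to
WORKDIR="${WORKDIR:-./iam-tls}"           # where the files are written
P12_PASS="${P12_PASS:-changeit}"          # key store password (placeholder)

# Creates iam-key.pem, iam-cert.pem and iam-keystore.p12 in $WORKDIR.
make_iam_keystore() {
  mkdir -p "$WORKDIR"
  # Self-signed certificate. CN and SAN both carry the IAM host name so that
  # a host name check (BackendSSLVerifyHost) on the Gateway side matches.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 825 \
    -subj "/CN=$IAM_HOST" \
    -addext "subjectAltName=DNS:$IAM_HOST" \
    -keyout "$WORKDIR/iam-key.pem" -out "$WORKDIR/iam-cert.pem" 2>/dev/null
  # PKCS#12 key store holding the certificate together with its private key.
  openssl pkcs12 -export -name iam \
    -inkey "$WORKDIR/iam-key.pem" -in "$WORKDIR/iam-cert.pem" \
    -out "$WORKDIR/iam-keystore.p12" -passout "pass:$P12_PASS"
  # Both files contain the private key: restrict them to the owner.
  chmod 600 "$WORKDIR/iam-keystore.p12" "$WORKDIR/iam-key.pem"
}

# Prints the CN of the generated certificate, i.e. the value the Gateway
# compares with the IAM host name when BackendSSLVerifyHost is TRUE.
cert_cn() {
  openssl x509 -in "$WORKDIR/iam-cert.pem" -noout -subject -nameopt RFC2253 \
    | sed 's/^subject=//; s/^CN=//'
}

# Returns 0 if the certificate verifies with itself as the trusted CA
# (the role of BackendSSLServerCA) for the given host name, 1 otherwise.
verify_as_backend_ca() {
  openssl verify -CAfile "$WORKDIR/iam-cert.pem" \
    -verify_hostname "$1" "$WORKDIR/iam-cert.pem" >/dev/null 2>&1
}

# Returns 0 if the key store opens with the password and contains a key.
keystore_has_key() {
  openssl pkcs12 -in "$WORKDIR/iam-keystore.p12" -passin "pass:$P12_PASS" \
    -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'
}

make_iam_keystore
echo "certificate CN: $(cert_cn)"
verify_as_backend_ca "$IAM_HOST" && echo "host name check OK for $IAM_HOST"
verify_as_backend_ca "other.example.com" \
  || echo "host name check fails for other.example.com (expected)"
keystore_has_key && echo "key store $WORKDIR/iam-keystore.p12 contains the private key"
```

Copy only iam-keystore.p12 into the instance's configuration directory and only iam-cert.pem (never the key) to the Gateway as BackendSSLServerCA. If the Gateway reaches IAM under a name other than the one in the certificate, the second verify call above is exactly the failure you will see in the Gateway logs, so fix the name before enabling BackendSSLVerifyHost.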