Changing the ibss config file

Following is a sample ibss_config file:

IBSSL_SERVER_HOST_NAME=localhost
IBSSL_SERVER_PORT_NO=3065
IBSSL_SERVER_PASSPHRASE=serverkey
IBSSL_SERVER_CERTFILE=<install_directory>/secure/server/ibserver.pem
#IBSSL_SERVER_PASSPHRASEFILE=c:/secure/pass.txt
#example comment line
#only needed for client verification
#IBSSL_SERVER_VERIFY_CLIENT
#IBSSL_SERVER_CAFILE=<install_directory>/secure/server/root.pem

Table 1.5 provides a description of each parameter in the sample above.

Server-side Configuration Parameters
Parameter Description

IBSSL_SERVER_PORT_NO and IBSSL_SERVER_HOST_NAME

The SSL port number and the SSL machine name (can be localhost) of the machine the InterBase server is running on. The defaults are the machine's host name and port 3065. In most cases IBSSL_SERVER_HOST_NAME need not be set.

IBSSL_SERVER_CERTFILE

Location of the file that stores the private key. The server uses this file for encryption. The default location and filename is <install_directory>/secure/server/ibserver.pem. The IBSSL_SERVER_CERTFILE file must be in PEM format and must contain both the private key and the certificate.

IBSSL_SERVER_PASSPHRASEFILE

Location of the file containing the passphrase. This file must be kept secure. Make sure it has the correct permissions; the server needs only read access to the file at startup. The log file will indicate via a message that the passphrase is not loaded. This means you can keep the passphrase on removable media and, once the server has started, the media (and hence the passphrase) may be safely removed.

IBSSL_SERVER_PASSPHRASE

Contains the server passphrase to be used in conjunction with the server certificate file. Use this instead of IBSSL_SERVER_PASSPHRASEFILE. If both are set, IBSSL_SERVER_PASSPHRASE is used instead of IBSSL_SERVER_PASSPHRASEFILE. If neither is set, InterBase assumes that the private key does not contain a passphrase.

IBSSL_SERVER_VERIFY_CLIENT

If this parameter is set, the server ensures that the client has sent a certificate. This certificate is verified against the file specified in IBSSL_SERVER_CAFILE (or the directory specified in IBSSL_SERVER_CAPATH).

IBSSL_SERVER_CAFILE

Location of the CA file, which can be used to verify the client certificate. There is no default for this file. However, it is recommended that you locate the file in <install_directory>/secure/server/ and call it ibrootcert.pem. The file must be in PEM format and is needed only if the IBSSL_SERVER_VERIFY_CLIENT flag is set.

IBSSL_SERVER_CAPATH

Used for the same purpose as IBSSL_SERVER_CAFILE. However, in this case, the parameter points to a directory containing the CA certificates in PEM format. Each file contains one CA certificate, and the files are needed only if the IBSSL_SERVER_VERIFY_CLIENT flag is set. The files are looked up by the CA subject name hash value, which must be available. See “About the “c_rehash” command” for information about this command, which can be used to convert multiple PEM files into an IBSSL_SERVER_CAPATH-accessible directory.

In addition, InterBase assumes the following about the ibss_config file:

  • General format of the file is <parameter_name>=value.
  • Lines starting with “#” are assumed to be comments.
  • Lines greater than 1023 characters are truncated to 1023 characters.
  • Spaces at the end of the line are considered part of the name or number, so do not put spaces at the end of a line. In the case of a filename, enclose the filename in straight quotation marks to avoid problems with unseen space characters at the end of the line.
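
The format rules and parameter dependencies above can be checked before the server is restarted. The following is an added example, not InterBase code: the function name lint_ibss_config, the /opt/interbase paths and the sample input are assumptions made for illustration, and the parameter names are the ones from the table on this page.

```python
# Parameter names taken from the table on this page.
KNOWN = {
    "IBSSL_SERVER_HOST_NAME", "IBSSL_SERVER_PORT_NO", "IBSSL_SERVER_CERTFILE",
    "IBSSL_SERVER_PASSPHRASEFILE", "IBSSL_SERVER_PASSPHRASE",
    "IBSSL_SERVER_VERIFY_CLIENT", "IBSSL_SERVER_CAFILE", "IBSSL_SERVER_CAPATH",
}
MAX_LINE = 1023  # longer lines are truncated, per the rules above


def lint_ibss_config(text):
    """Return (settings, findings) for the text of an ibss_config file."""
    settings, findings = {}, []
    for no, line in enumerate(text.split("\n"), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        if len(line) > MAX_LINE:
            findings.append(f"line {no}: over {MAX_LINE} characters, will be truncated")
        if line != line.rstrip(" \t"):
            findings.append(f"line {no}: trailing whitespace becomes part of the value")
        name, _, value = line.partition("=")  # a flag such as VERIFY_CLIENT has no '='
        if name not in KNOWN:
            findings.append(f"line {no}: unknown parameter {name!r}")
            continue
        settings[name] = value
    if {"IBSSL_SERVER_PASSPHRASE", "IBSSL_SERVER_PASSPHRASEFILE"} <= settings.keys():
        findings.append("IBSSL_SERVER_PASSPHRASEFILE is ignored: IBSSL_SERVER_PASSPHRASE is set")
    has_ca = settings.keys() & {"IBSSL_SERVER_CAFILE", "IBSSL_SERVER_CAPATH"}
    if "IBSSL_SERVER_VERIFY_CLIENT" in settings and not has_ca:
        findings.append("IBSSL_SERVER_VERIFY_CLIENT is set but no CAFILE or CAPATH is given")
    if has_ca and "IBSSL_SERVER_VERIFY_CLIENT" not in settings:
        findings.append("CAFILE/CAPATH is set but IBSSL_SERVER_VERIFY_CLIENT is not, so it is unused")
    return settings, findings


# Constructed sample input (not from a real server): line 2 ends with a space,
# line 3 misspells a parameter name, and the VERIFY_CLIENT flag is commented out.
SAMPLE = (
    "IBSSL_SERVER_PORT_NO=3065\n"
    "IBSSL_SERVER_CERTFILE=/opt/interbase/secure/server/ibserver.pem \n"
    "IBSSL_SERVER_PHASSPHRASE=serverkey\n"
    "#IBSSL_SERVER_VERIFY_CLIENT\n"
    "IBSSL_SERVER_CAFILE=/opt/interbase/secure/server/ibrootcert.pem\n"
)

if __name__ == "__main__":
    for finding in lint_ibss_config(SAMPLE)[1]:
        print(finding)
```

The last finding covers the case where a CA file is configured while the IBSSL_SERVER_VERIFY_CLIENT line is still commented out, which leaves client certificates unchecked.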