Secure Realm Servers

A secure realm server uses certificates and TLS to guarantee its identity to clients and other realm servers, and to protect its communications with them.

Files

A secure realm server automatically generates the following files, and stores them in its data directory.

Keystore File: A file that contains the realm server's private key data. This file is encrypted to keep it secure.
Trust File: A plaintext file that contains the realm server's certificate. Administrators distribute this file for use with affiliated realm servers and with application programs.

Running a Secure Realm Server
A secure realm server can generate all the data it requires for TLS, except for the keystore password, which you must supply.
Running a Secure Backup or Satellite Realm Server
Backup and satellite realm servers must trust the primary realm server. An affiliated realm server can use either the same keystore password as the primary, or a separate password.
Keystore File Password Security
The keystore password is sensitive information, and keeping it secure is critical to the security of your realm server. You can supply a keystore password in any of four ways, which vary in the level of protection they provide for the password.
Realm Server Certificates and Web Browsers
The realm server generates its own certificates. Web browsers detect and reject such self-signed certificates. Administrators can resolve this issue at the realm server, or at each individual browser.
Trust File
A secure realm server automatically generates a trust file. The content of the trust file instructs clients to trust the realm server's certificate. Administrators and developers coordinate to supply the trust file to application programs.

Related concepts

Affiliated Realm Servers

Realm Server Authentication

Option and Property Names

Related reference

Realm Server Executable Reference

Realm Server Administration Utility Reference

Contents

Index

Search Results

Secure Realm Servers

Files