Schema Repository Security
The schema repository is secure if and only if the realm server is secure.
When the repository connects and authenticates to a secure realm server, the realm server automatically generates and signs a temporary certificate that identifies the repository to its clients. The repository stores this certificate in process memory only.
Clients need only the realm server trust file to verify the identity of the repository because its certificate is signed by the realm server.
Repository Certificate Parameters
Some situations require the repository's temporary certificate to name a specific host name or IP address. The repository embeds the values of two optional parameters in the subject alternative name (SAN) portion of its certificate. When these parameters are absent, empty, or null, the repository attempts to supply reasonable values.
Configuration File Parameter | Environment Variable | Description |
---|---|---|
reachable_dns (value is a JSON array of strings) | TIBSCHEMAD_REACHABLE_DNS (value is a comma-separated list) | Host name where clients can reach the repository. |
reachable_ip (value is a JSON array of strings) | TIBSCHEMAD_REACHABLE_IP (value is a comma-separated list) | IP address where clients can reach the repository. |
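The following pre-deployment check is an added example, not the product's own code: it parses both value formats from the table above, flags entries placed under the wrong parameter, and reports client connect targets that no explicitly configured value covers. It assumes clients match host names only against DNS entries and IP addresses only against IP entries, as standard TLS verification does; the function names and sample values are constructed.

```python
import ipaddress
import json

def parse_param(value, from_env):
    """Config file values are JSON arrays of strings; environment values are comma-separated."""
    if value is None or not value.strip():
        return []  # absent or empty: the repository supplies its own values
    items = value.split(",") if from_env else json.loads(value)
    if items is None:
        return []  # JSON null is treated like an absent parameter
    if not isinstance(items, list) or not all(isinstance(i, str) for i in items):
        raise ValueError("expected a JSON array of strings")
    return [i.strip() for i in items if i.strip()]

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_san(reachable_dns, reachable_ip, client_targets):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    for name in reachable_dns:
        if is_ip(name):
            problems.append(f"{name}: IP address in reachable_dns, move it to reachable_ip")
    for addr in reachable_ip:
        if not is_ip(addr):
            problems.append(f"{addr}: host name in reachable_ip, move it to reachable_dns")
    dns = {n.lower().rstrip(".") for n in reachable_dns if not is_ip(n)}
    ips = {ipaddress.ip_address(a) for a in reachable_ip if is_ip(a)}
    for target in client_targets:
        # A parameter left unset is skipped: the repository chooses those values itself.
        if is_ip(target):
            covered = not reachable_ip or ipaddress.ip_address(target) in ips
        else:
            covered = not reachable_dns or target.lower().rstrip(".") in dns
        if not covered:
            problems.append(f"{target}: no matching SAN value configured")
    return problems

# Constructed sample values (not from the product documentation).
SAMPLE_DNS = parse_param('["repo.example.com", "10.0.0.5"]', from_env=False)
SAMPLE_IP = parse_param("10.0.0.5, 192.0.2.10", from_env=True)
SAMPLE_TARGETS = ["Repo.Example.com", "192.0.2.10", "192.0.2.99", "schema.example.com"]

if __name__ == "__main__":
    for line in check_san(SAMPLE_DNS, SAMPLE_IP, SAMPLE_TARGETS):
        print(line)
```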
Copyright © Cloud Software Group, Inc. All rights reserved.