Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »


To prevent anybody from eavesdropping on the bit repository data and messages exchanged, all communication is encrypted. 

Messagebus communication

All protocol messages are exchanged via the messagebus (coordinating layer). To prevent anyone not part of the repository from eavesdropping, the communication is encrypted preferably using mutual TLS (mTLS). 

The use of mTLS ensures that a component (pillar or client) will only communicate with a trusted messagebus and the messagebus will refuse connections to unknown components. 

Instructions for setting up ActiveMQ to use ssl certificates can be found here: http://activemq.apache.org/how-do-i-use-ssl.html. Additionally it should be ensured that only encrypted connections is available and that the ssl connector have the parameters "?wantClientAuth=true&needClientAuth=true" in its uri, this forces the use of mTLS. 

FileExchange

To exchange data a concept of FileExchange exists. Which protocols is supported is not set in stone, but caution should be taken to ensure that traffic is encrypted. 

The reference fileexchange is Webdav over a https (mTLS) connection. 

Distribution of certificates

To distribute certificates RepositorySettings is used as the single source of trust in the repository. That also encompass the infrastructure components such as ActiveMQ and FileExchange. 

Setting up an ActiveMQ or FileExchange i.e. webdav, certificates to trust should taken from RepositorySettings permissions section. 

Certificates used with encrypted messagebus and/or FileExchange should follow:

  • The ActiveMQ messagebus should trust certificates with the <InfrastructurePermission>MessageBusClient</InfrastructurePermission>
  • The FileExchange should only trust client certificates with the <InfrastructurePermission>FileExchangeClient</InfrastructurePermission> 
  • Clients and pillars should only trust ActiveMQ instances using certificates with the <InfrastructurePermission>MessageBusServer</InfrastructurePermission>
  • Clients and pilalrs should only trust FileExchanges instances using certificates with the <InfrastructurePermission>FileExchangeServer</InfrastructurePermission>


  • No labels