Step 2: Install a signed CA on IXIA TEXTML Server

Once you obtain the signed certificate of authenticity (CA) and its private key, you must install both on the IXIA TEXTML Server.

About this task

You must complete the first step of setting up OpenSSL before you install it. See Step 1: Obtain a signed certificate.

To install a signed CA on IXIA TEXTML Server:

Procedure

  1. Copy the textml_signed_cert.pem and textml_cert_privatekey.pem files to the following directory:
    Note: Create the Certificates directory if it does not exist. The path to the certificate directory is hard-coded in some files, such as /perl/CommonSubs.pm. Some scripts or actions may fail if the certificates are not in the default location.
    Table 1. Default location for Windows or Linux CA directory

    Platform

    Directory

    Windows

    C:\ProgramData\IxiaSoft\Certificates

    Linux

    /opt/ixiasoft/certificates/

  2. Open the TextmlServerCfg.xml file with a text editor.
    Table 2. Location for Windows or Linux CA TextML Server config file

    Platform

    Directory

    Windows

    C:\ProgramData\IxiaSoft\TextmlServer43

    Linux

    /opt/ixiasoft/textmlserver/%instance-name%/

  3. Look for the <SSL> section of the configuration.
    <SSL>
       <UseSSL>False</UseSSL>
       <SSLPort>2551</SSLPort>
       <UseSSLOnly>True</UseSSLOnly>
       <CertificatePath>./</CertificatePath>
       <PrivateKeyPath>./</PrivateKeyPath>
       <ClientCertificatePath>Certificates</ClientCertificatePath>
    </SSL>
  4. Enter the required information.
    Table 3. SSL Security information

    Option

    Function

    Action

    UseSSL

    Enables SSL security

    Select:

    • True to enable SSL
    • False to disable SSL

    SSLPort

    Identifies a port for secure connection

    Enter the port number you want to use for the secure connection

    UseSSLOnly

    Sets the port up as either secure or not secure

    Note: TEXTML Server supports both secure and non-secure connections on separate ports.

    Select:

    • True (Recommended) forces the TEXTML Server to allow secure connections only and disable the non-secure port defined in the configuration
    • False (Not recommended)

    CertificatePath

    Location of the signed CA

    Enter the path to the signed certificate

    PrivateKeyPath

    Location of the private key

    Enter the path to the private key

    ClientCertificatePath

    Secondary path to the root CA, if you are using replication

    On the secondary TEXTML Server, enter the path to the root CA certificate.

    Leave this field as it is if your deployment does not use replication.

    For example:
    <SSL>
       <UseSSL>True</UseSSL>
       <SSLPort>2551</SSLPort>
       <UseSSLOnly>True</UseSSLOnly>
       <CertificatePath>
          C:\ProgramData\IxiaSoft\Certificates\textml_signed_cert.pem
       </CertificatePath>
       <PrivateKeyPath>
          C:\ProgramData\IxiaSoft\Certificates\textml_cert_privatekey.pem
       </PrivateKeyPath>
       <ClientCertificatePath>Certificates</ClientCertificatePath>
    </SSL>
  5. Restart the TEXTML Server.
    TEXTML Server now responds to secure connection requests on the port you specified.
  6. Look at the TEXTML Server log to confirm that the server started properly.
    Note: If the logs contain an SSL error, then an error occurred when creating the certificates or when configuring the TEXTML Server. Review the steps above to make sure you created and signed the certificate and try again.

Results

This completes the process of installing a CA on TEXTML Server. Proceed to Step 3: Configure CCMS components to use SSL.