Basics of secure connections and certificates

Current versions of SEAL Systems products encrypt connections by default.
A secure connection between the systems requires a certificate. You, the customer, supply this certificate (in many cases from your in-house certificate authority) and place it in the directories listed below.
If you have any questions, your SEAL project engineer will help you.

The sequence of such a secured connection establishment is as follows:

  • The client requests a connection establishment from the server and lists the TLS versions and cipher suites it supports.

  • The server chooses the version and cipher suite from that list (the type of encryption is negotiated here, before any key material is exchanged) and, as its answer, sends its certificate to the client. The certificate contains the server's public key; there is no separate transfer of the public key.

  • The client checks the certificate for trustworthiness (date of expiry, certificate chain ending in a trusted root certificate, etc.) and for agreement with the server name it connected to. If any of these checks fails, the client aborts the connection establishment.

  • Client and server then agree on a session key. With the RSA key exchange of older TLS versions, the client encrypts the session key with the public key of the server and sends the encrypted data back to the server, which decrypts it with its private key. With TLS 1.3, and with TLS 1.2 cipher suites using ephemeral Diffie-Hellman (ECDHE), both sides derive the session key from an ephemeral key exchange instead; the server's private key is used only to sign that exchange, so a later compromise of the private key does not expose recorded sessions.

  • Now the secured connection is established, and client and server use the same session key to encrypt and decrypt their messages.

Locations of the certificates on the SEAL server
Apache: On the server, replace the existing Apache certificate files seal.crt and seal.key in the directory ..\server\web\apache\conf\ with your new certificate files.
JBoss: On the server, replace the existing JBoss certificate files seal.crt and seal.key in the directory $SEAL_CUSTOMDIR\server\jboss\conf\ssl\ with your new certificate files.
In both cases seal.crt is the server certificate and seal.key the private key that belongs to it. The two files must be a matching pair, and seal.key should be readable only by the account the service runs under.
OCON (self-signed certificate): To run the OCON client directly on the server, import your customer root certificate into the JRE. The script import_cert_jre.pl does this; call it from a SEAL Shell. To run the OCON client on a different PC, import your customer root certificate into the JRE on that PC as well.
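The following Go program is an added example and not code from SEAL Systems; it serves both the handshake sequence above and the certificate replacement described in this section. It builds a constructed stand-in for the customer's in-house PKI (a root CA plus a server certificate and key for the hypothetical host name seal.example, in the PEM form seal.crt and seal.key use), runs the pre-deployment check an administrator wants before copying the files into place (key belongs to certificate, chain to the trusted root, validity period, server name), and then replays the connection establishment in-process with both sides running in one program over an in-memory pipe, so that the client's certificate checks and the negotiated version and cipher suite can be observed without a network. All names, the fixture and the os.Pipe transport are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"os"
	"time"
)

// Fixture is a constructed stand-in for the customer's in-house PKI: the root
// certificate and the server certificate/key it issued, PEM-encoded like seal.crt and seal.key.
type Fixture struct{ RootPEM, CertPEM, KeyPEM []byte }

func issue(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) []byte {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// BuildFixture creates a root CA and a server certificate for the (hypothetical) host,
// valid until notAfter; pass a time in the past to get an expired certificate.
func BuildFixture(host string, notAfter time.Time) Fixture {
	now := time.Now()
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Customer Root CA"},
		SubjectKeyId: []byte{1}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srv := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, // the name a client compares against the host it connected to
		NotBefore: now.Add(-time.Hour), NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	keyDER, _ := x509.MarshalECPrivateKey(srvKey)
	return Fixture{issue(ca, ca, &caKey.PublicKey, caKey), issue(srv, ca, &srvKey.PublicKey, caKey),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})}
}

// CheckServerCert is the offline check to run before copying seal.crt and seal.key into place:
// the key belongs to the certificate, and the certificate passes what a client verifies during
// the handshake (chain to the trusted root, validity period, server name). Returns nil or the failing check.
func CheckServerCert(certPEM, keyPEM, rootPEM []byte, host string) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // fails unless seal.key belongs to seal.crt
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(rootPEM) {
		return fmt.Errorf("no trusted root certificate found")
	}
	cert, _ := x509.ParseCertificate(pair.Certificate[0]) // already parsed successfully by X509KeyPair
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// duplex is a net.Conn over two OS pipes. Unlike net.Pipe its writes are buffered by the
// kernel, so a client that aborts the handshake after the certificate cannot deadlock the server.
type duplex struct{ r, w *os.File }

func (d duplex) Read(b []byte) (int, error)         { return d.r.Read(b) }
func (d duplex) Write(b []byte) (int, error)        { return d.w.Write(b) }
func (d duplex) Close() error                       { d.r.Close(); return d.w.Close() }
func (duplex) LocalAddr() net.Addr                  { return nil }
func (duplex) RemoteAddr() net.Addr                 { return nil }
func (d duplex) SetDeadline(t time.Time) error      { d.r.SetReadDeadline(t); return d.w.SetWriteDeadline(t) }
func (d duplex) SetReadDeadline(t time.Time) error  { return d.r.SetReadDeadline(t) }
func (d duplex) SetWriteDeadline(t time.Time) error { return d.w.SetWriteDeadline(t) }

// Handshake replays the connection establishment in-process: the sides negotiate version and
// cipher suite, the server presents its certificate (which carries its public key), the client
// verifies it against trustedRoot and host, and both derive the session keys. It returns the
// state the client negotiated, or the verification error that aborted the handshake.
func Handshake(fx Fixture, trustedRoot []byte, host string) (tls.ConnectionState, error) {
	srvCert, err := tls.X509KeyPair(fx.CertPEM, fx.KeyPEM)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(trustedRoot)
	ar, aw, _ := os.Pipe() // server -> client
	br, bw, _ := os.Pipe() // client -> server
	clientConn, serverConn := duplex{ar, bw}, duplex{br, aw}
	srv := tls.Server(serverConn, &tls.Config{Certificates: []tls.Certificate{srvCert}})
	cli := tls.Client(clientConn, &tls.Config{RootCAs: roots, ServerName: host})
	srvDone := make(chan error, 1)
	go func() { srvDone <- srv.Handshake() }()
	err = cli.Handshake() // checks chain, validity and name before it sends Finished
	<-srvDone             // server has read the client's Finished, or its abort alert
	clientConn.Close()
	serverConn.Close()
	if err != nil {
		return tls.ConnectionState{}, err
	}
	return cli.ConnectionState(), nil
}

func main() {
	fx := BuildFixture("seal.example", time.Now().Add(24*time.Hour))
	fmt.Println("deployment check:", CheckServerCert(fx.CertPEM, fx.KeyPEM, fx.RootPEM, "seal.example"))
	st, err := Handshake(fx, fx.RootPEM, "seal.example")
	fmt.Printf("handshake: err=%v version=%#x suite=%s\n", err, st.Version, tls.CipherSuiteName(st.CipherSuite))
	_, err = Handshake(fx, fx.RootPEM, "other.example")
	fmt.Println("wrong server name:", err)
}
```

To check a real deployment, read the bytes of your seal.crt, seal.key and customer root certificate and pass them to CheckServerCert with the name the clients will use; the same function rejects a seal.key that does not belong to seal.crt, a certificate chained to a root the clients do not trust, an expired certificate, and a certificate that does not carry the server name, each with the error naming the failed check, and Handshake shows that a client aborts the connection establishment before Finished in each of those cases.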