15.3.2.1. Procedure – Configuring communication between Zorp and ZAS
First, the connection settings of ZAS have to be configured in the section on the ZMC component. Specify the IP address/port pair on which ZAS should accept connections.
Tip: If ZAS and Zorp are running on the same machine, use the local loopback interface (IP: 127.0.0.1).
Note: The same bind settings will have to be used when the Authentication provider is configured in the tab of the ZMC component.
If Zorp and ZAS are running on separate machines, enable and configure SSL encryption. Check the checkbox and click on next to the textbox and select a certificate. This certificate has to be available on the ZAS host and will be presented to Zorp to verify the identity of the ZAS server. For details about creating certificates, see Procedure 11.3.8.2, Creating certificates.
To enable mutual authentication (that is, to verify the certificate of Zorp), check the checkbox and select the containing the trusted certificates. Also make sure to set the high enough so that the root CA certificate in the CA chain can be verified. The default value (3) should be appropriate for internal CAs.
The connection also has to be set up from the Zorp side. This can be accomplished by creating an on the tab of the ZMC component. Click on , select from the combobox, and enter a name for the provider into the textbox.
Enter the IP address of the ZAS server into the field. This must be the same address as specified as for ZAS in Step 1.
If SSL encryption was enabled in Step 2, select the Zorp will show to ZAS. Zorp can also verify the certificate shown by ZAS using the CAs specified in .
Note: Obviously, the CAs issuing the certificates of Zorp and ZAS must be members of the CA groups set to be used to perform the verification of the certificates; otherwise, the verification will fail.
Published on May 30, 2024
© BalaSys IT Ltd.