Step 3: Enabling security

Securing Your Streaming Use Case

When building your streaming use case, you might be dealing with sensitive information, data that should not end up in the wrong hands. For this reason, security is an essential aspect of Axual and is enabled by default.

  • Data transfer is encrypted between client and platform

  • Clients are authenticated and authorized on a particular stream

Mutual TLS: The Foundation

In the next step, you will use Self Service to define applications that will produce and consume data from the desired stream.

Regardless of what technology those applications use, they use an SSL certificate to authenticate to the platform. The authentication and authorization mechanism is based on mutual TLS; both the server (platform) and the client should trust each other.

Mutual TLS clarified

It is a requirement that, in advance, the application trusts a public key provided by the platform (or CA) and that the platform trusts a public key of the application.

  • These certificates will be used to set up the TCP/IP connection.

  • The platform provides applications access to a particular data stream based on the application principal.

1. Setting Up Trust

A truststore is used to set up trust between the platform and producing or consuming clients. The truststore contains the CA and/or intermediate CA certificates of the client. In the handshake between client and server, the server will present its certificate, which the client needs to trust before establishing a secure connection.

You will find the truststore in the root directory of the care package, which was sent to you when you requested your trial. You will find the following files there:

  • [yourcompany]xxxx.truststore.jks: the truststore, used by Java clients

  • [yourcompany]xxxx-root-ca.cert.pem: the ROOT CA file used by REST Proxy and .NET clients

2. Application Certificate

Next, you need a certificate for your consumer/producer which is issued by either the CA directly or the intermediate CA.

We have placed some certificates for your applications in the care package folder named [yourcompany]xxxx-app-keystores. For a total of three applications you will find the following files:

  • [yourcompany]xxxx-application-one.cert.pem: the application certificate PEM file

  • [yourcompany]xxxx-application-one.key.pem: the application private key PEM file

  • [yourcompany]xxxx-application-one.keystore.jks: the application keystore

  • [yourcompany]xxxx-application-one.p12: the application p12 file
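
Before wiring the PEM files above into a client, it helps to confirm they form a usable mutual TLS identity. The script below is an added example, not part of the Axual documentation or care package. It assumes the openssl CLI is installed and the key PEM is not passphrase-protected; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a mutual-TLS client identity.
# Usage: sh preflight.sh ROOT_CA_PEM APP_CERT_PEM APP_KEY_PEM

# The application certificate must chain to the CA the platform trusts.
cert_chains_to_ca() {   # cert_chains_to_ca CA_PEM CERT_PEM
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The private key must belong to the certificate: compare the public halves.
key_matches_cert() {    # key_matches_cert CERT_PEM KEY_PEM
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must still be valid N seconds from now (default: 7 days).
cert_not_expiring() {   # cert_not_expiring CERT_PEM [SECONDS]
    openssl x509 -in "$1" -noout -checkend "${2:-604800}" >/dev/null 2>&1
}

# Print the subject DN. Assumption: the application principal is derived
# from the certificate subject; compare it with what Self Service expects.
cert_subject() {        # cert_subject CERT_PEM
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Run every check and report all failures, not just the first one.
preflight() {           # preflight CA_PEM CERT_PEM KEY_PEM
    rc=0
    cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not chain to $1" >&2; rc=1; }
    key_matches_cert "$2" "$3"  || { echo "FAIL: $3 is not the key for $2" >&2; rc=1; }
    cert_not_expiring "$2"      || { echo "FAIL: $2 expires within 7 days" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $(cert_subject "$2")"
    return "$rc"
}

# Only run when called with the three file arguments.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A chain failure usually means the wrong CA file or a certificate issued by a different authority; a key mismatch means the key and certificate come from different applications.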

Not using Axual Trial?

If you are not using the Axual Trial (e.g. an on-premises installation), the truststore and application certificates you need depend on how your company has organized this.

In this case, get in touch with your company’s Stream Team and make sure you use the advised truststore and request a certificate from the appropriate authority, usually a PKI within your company.

Next Step: Creating Applications

You are now ready to move on to the next step, 4. Creating Applications, to create your application(s) in Self Service.