Step 3: Enabling security
When building your streaming use case, you might be dealing with sensitive information, data that should not end up in the wrong hands. For this reason, security is an essential aspect of Axual and enabled by default.
Data transfer is encrypted between client and platform
Clients are authenticated and authorized on a particular stream
In the next step, you will use Self Service to define applications that will produce and consume data from the desired stream.
Regardless of what technology those applications use, they use an SSL certificate to authenticate to the platform. The authentication and authorization mechanism is based on mutual TLS; both the server (platform) and the client should trust each other.
It is a requirement that, in advance, the application trusts a public key provided by the platform (or CA) and that the platform trusts a public key of the application.
These certificates will be used to set up the TCP/IP connection.
The platform provides applications access to a particular data stream based on the application principal.
A truststore is used to set up trust between the platform and producing or consuming clients. The truststore contains the CA and/or intermediate CA certificates of the client. In the handshake between client and server, the server will present its certificate, which the client needs to trust before establishing a secure connection.
You will find the truststore in the root directory of the care package, which was sent to you when you requested your trial. You will find the following files there:
[yourcompany]xxxx.truststore.jks: the truststore, used by Java clients
[yourcompany]xxxx-root-ca.cert.pem: the ROOT CA file used by REST Proxy and .NET clients
Next, you need a certificate for your consumer/producer which is issued by either the CA directly or the intermediate CA.
We have placed some certificates for your applications in the care package folder named [yourcompany]xxxx-app-keystores. For a total of three applications you will find the following files:
[yourcompany]xxxx-application-one.cert.pem: the application certificate PEM file
[yourcompany]xxxx-application-one.key.pem: the application private key PEM file
[yourcompany]xxxx-application-one.keystore.jks: the application keystore
[yourcompany]xxxx-application-one.p12: the application p12 file
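A pre-flight check for the PEM files listed above, as an added example that is not part of the Axual documentation or the care package: it confirms that the application certificate chains to the root CA, that the private key belongs to that certificate, and prints the certificate subject. It assumes the `openssl` CLI is installed and that the application principal is derived from the certificate subject, which this page does not state; the function names and script arguments are made up for the example.

```bash
#!/usr/bin/env bash
# Added example, not Axual code: pre-flight checks for the care package PEM files.
# Usage: ./check-certs.sh <root-ca.cert.pem> <app.cert.pem> <app.key.pem>

# Succeeds when the certificate verifies against the CA file. If an
# intermediate CA issued the certificate, the CA file must contain that
# intermediate as well as the root.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when the private key ($2) is the one certified in the certificate
# ($1): both are reduced to their public key and compared.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Prints the subject DN in RFC 2253 form. Assumption: this is the value the
# platform maps to the application principal.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Run all three checks when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    status=0
    cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not chain to $1"; status=1; }
    key_matches_cert "$2" "$3"  || { echo "FAIL: $3 is not the key for $2"; status=1; }
    echo "subject: $(cert_subject "$2")"
    exit "$status"
fi
```

A failed chain check here corresponds to a handshake the other side would reject, so it is cheaper to catch it before the first connection attempt.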
Not using Axual Trial?
If you are not using the Axual Trial (e.g. an on-premises installation), the truststore and application certificates you need depend on how your company has organized this.
In this case, get in touch with your company’s Stream Team, make sure you use the advised truststore, and request a certificate from the appropriate authority, usually a PKI within your company.
You are now ready to move on to the next step, 4. Creating Applications, to create your application(s) in Self Service.