Setup


To set up the DTS security system, a certificate authority (CA) is required. This certificate authority signs the DTS deployment’s root certificate (CTRL CERT), which, in turn, signs the certificates for the connected components (COMP CERT).

While third-party CAs can be used, DTS also provides an easy-to-use script (x509/setup.sh) that uses OpenSSL to generate a CA and a root certificate (CTRL CERT), as well as key files in the required formats (CTRL PRIV KEY, CTRL PUB KEY).

The next step is to enable security for the Controller modules by setting the following environment variables on dts-controller and dts-gui-controller:

DTS_ENABLE_SECURITY = true

DTS_X509_CERTIFICATE_PATH = [Path to CTRL CERT]

DTS_RSA_PRIVATE_KEY_PATH = [Path to CTRL PRIV KEY in DER format]

 

From here on, only secured components will be able to connect to DTS.

To secure a component, a certificate must be generated for it. This certificate (COMP CERT) must be signed by CTRL CERT.

DTS also provides a script to facilitate this action (x509/create-cert.sh), provided the system is secured using a CA created with the previous script and not a third-party or custom one. This script generates and signs the certificate (COMP CERT) and produces key files in the required formats (COMP PRIV KEY, COMP PUB KEY). These files must be made available to the component so that it can open them in its local environment, together with the Controller's public key file (CTRL PUB KEY).

Finally, enable security on the component by setting the following environment variables on it:

DTS_ENABLE_SECURITY = true

DTS_X509_CERTIFICATE_PATH = [Path to COMP CERT]

DTS_RSA_PRIVATE_KEY_PATH = [Path to COMP PRIV KEY in DER format]

DTS_CTRL_PUBLIC_KEY_PATH = [Path to CTRL PUB KEY in DER format]
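
A pre-flight check for the files these variables point at, written here as an added example and not one of the DTS scripts. The function names are hypothetical, and it assumes the openssl command is on the PATH, that certificates are PEM files, and that CTRL PUB KEY is a SubjectPublicKeyInfo structure in DER.

```shell
#!/bin/sh
# Added example, not a DTS script. Assumes PEM certificates and an
# SPKI-encoded CTRL PUB KEY; the page only fixes DER for the key files.

# True when the file starts with 0x30 (ASN.1 SEQUENCE), so DER rather than PEM.
is_der() {
    [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]
}

# dts_check_pair CERT KEY_DER: CERT is unexpired and KEY_DER is its private key.
dts_check_pair() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "unreadable or expired certificate: $1" >&2; return 1; }
    is_der "$2" || { echo "private key is not DER: $2" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -inform DER -in "$2" -pubout 2>/dev/null) ||
        { echo "cannot parse private key: $2" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not belong to $1" >&2; return 1; }
}

# dts_check_issued COMP_CERT CTRL_CERT: COMP CERT names CTRL CERT as issuer and
# its signature verifies. -partial_chain lets CTRL CERT, itself CA-signed, act
# as the trust anchor.
dts_check_issued() {
    [ "$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null)" ] &&
        openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1 ||
        { echo "$1 was not issued by $2" >&2; return 1; }
}

# dts_check_ctrl_pub CTRL_PUB_DER CTRL_CERT: the key given to components is
# the public key inside CTRL CERT.
dts_check_ctrl_pub() {
    is_der "$1" &&
        pub=$(openssl pkey -pubin -inform DER -in "$1" -pubout 2>/dev/null) &&
        [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ] ||
        { echo "CTRL PUB KEY does not match $2" >&2; return 1; }
}

# dts_preflight_component CTRL_CERT: check the files a component's variables
# point at. CTRL_CERT is a path argument, not a DTS setting.
dts_preflight_component() {
    dts_check_pair "$DTS_X509_CERTIFICATE_PATH" "$DTS_RSA_PRIVATE_KEY_PATH" &&
        dts_check_issued "$DTS_X509_CERTIFICATE_PATH" "$1" &&
        dts_check_ctrl_pub "$DTS_CTRL_PUBLIC_KEY_PATH" "$1"
}
```

On the Controller, dts_check_pair alone covers its two path variables; dts_preflight_component is meant to be run where CTRL CERT is also at hand, before the files are handed to the component.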