Adabas Cluster 7.4.0
 
Cluster Encrypted Inter-Node Communication
All communication between the cluster nodes is end-to-end encrypted using OpenSSL.
Any valid TLS/SSL certificate is accepted, whether it was issued by a certificate authority or is self-signed. For self-signed certificates, the verification level must be set to '0'. Client certificates are not validated in this case, so the peer is not authenticated by its certificate. Nevertheless, the communication is still encrypted.
The following table provides an overview of Adabas nucleus parameters related to cluster inter-node encryption with OpenSSL:
| Parameter | Description |
|---|---|
| CLUSTER_CLIENT_CADIR | Points to a directory containing CA certificates in PEM format for the client. |
| CLUSTER_CLIENT_CAFILE | CA certificate file or certificate chain file of the client. |
| CLUSTER_CLIENT_CERTFILE | Fully qualified path name to the certificate file of the client. |
| CLUSTER_CLIENT_KEYFILE | Fully qualified path name to the private key file of the client. |
| CLUSTER_CLIENT_VERIFY | Verification level of client certificates: 0 = no verification; 1-10 = maximum depth allowed for certificate chain verification. |
| CLUSTER_CLIENT_PASSWD | Passphrase/password or path name to the file that contains the passphrase/password for the client file. If a file path is used, the passphrase/password is encrypted on the first access and written back to the file. The file must have write access permission. After encryption, change the file access permission to read-only. Password rules: leading or trailing white space (such as tabs and spaces) is ignored when the passphrase/password is read from the file. |
| CLUSTER_SERVER_CADIR | Points to a directory containing CA certificates in PEM format for the server. |
| CLUSTER_SERVER_CAFILE | CA certificate file or certificate chain file of the server. |
| CLUSTER_SERVER_CERTFILE | Fully qualified path name to the certificate file of the server. |
| CLUSTER_SERVER_KEYFILE | Fully qualified path name to the private key file of the server. |
| CLUSTER_SERVER_VERIFY | Verification level of certificates: 0 = no verification; 1-10 = maximum depth allowed for certificate chain verification. |
| CLUSTER_SERVER_PASSWD | Passphrase/password or path name to the file that contains the passphrase/password. If a file path is used, the passphrase/password is encrypted on the first access and written back to the file. The file must have write access permission. After encryption, change the file access permission to read-only. Password rules: leading or trailing white space (such as tabs and spaces) is ignored when the passphrase/password is read from the file. |
| CLUSTER_TLS_ENABLED | Enable TLS encryption for the node communication. |
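
The following check is an added example, not part of the Adabas documentation or product: it audits a set of the parameters above for the conditions the table describes (verification level 0 or out of range, path names that are not fully qualified, a passphrase file left writable). The dict input, the function names, and all paths and values are assumptions constructed for illustration; it does not parse any Adabas parameter syntax.

```python
import os
import stat
import tempfile

def audit_cluster_tls(params):
    """Findings for a dict of the table's parameters (dict input is assumed)."""
    findings = []
    for side in ("CLIENT", "SERVER"):
        p = f"CLUSTER_{side}_"
        # VERIFY: 0 = no verification, 1-10 = maximum chain depth.
        raw = params.get(p + "VERIFY")
        if raw is not None:
            level = int(raw) if str(raw).isdigit() else -1
            if level == 0:
                findings.append(p + "VERIFY=0: certificates are not verified")
            elif not 1 <= level <= 10:
                findings.append(p + "VERIFY: outside the range 0-10")
        # CERTFILE and KEYFILE are documented as fully qualified path names.
        for name in ("CERTFILE", "KEYFILE"):
            path = params.get(p + name)
            if path and not os.path.isabs(path):
                findings.append(p + name + ": not a fully qualified path")
        # PASSWD is a literal or a file; the file form is encrypted on
        # first access and should be read-only afterwards.
        pw = params.get(p + "PASSWD")
        if pw and os.path.isfile(pw):
            mode = stat.S_IMODE(os.stat(pw).st_mode)
            if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
                findings.append(p + "PASSWD: file is writable (%o)" % mode)
        elif pw:
            findings.append(p + "PASSWD: literal value, not a file")
    return findings

def demo():
    # Constructed sample: self-signed server side, CA-verified client side.
    fd, pwfile = tempfile.mkstemp()
    os.write(fd, b"  constructed-passphrase \n")
    os.close(fd)
    os.chmod(pwfile, 0o400)  # state expected after the first access
    params = {
        "CLUSTER_SERVER_VERIFY": 0,
        "CLUSTER_SERVER_KEYFILE": "certs/node1.key",  # relative: flagged
        "CLUSTER_SERVER_PASSWD": pwfile,
        "CLUSTER_CLIENT_VERIFY": 3,
        "CLUSTER_CLIENT_PASSWD": "constructed-literal",
    }
    result = audit_cluster_tls(params)
    os.remove(pwfile)
    return result
```

Run the check after the first nucleus start, since the passphrase file has to stay writable until it has been encrypted.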