Trustchain for Proxy with EZD
We are planning to proxy EZD (Elektron Zero Daemon) through an F5, and I need to install a specific trust chain onto the server where EZD is running. I am trying to understand how EZD knows where to find the CA trustchain? I cannot find anything in the documentation I have.
Best Answer
-
Hello @bill.harding,
Please find the response from EZD product development:
"The certificates are installed
in the default directory such as /etc/ssl/certs. I believe the EZD is
using the openSSL to access this file.[root@ob1d-ddndrp225a certs]# ls
-ltrtotal 1708
-rw-r--r--. 1 root root 978662
Dec 20 2013 ca-bundle.trust.crt-rw-r--r--. 1 root root 757191
Dec 20 2013 ca-bundle.crt-rwxr-xr-x. 1 root
root 829 Jan 8 2014 renew-dummy-cert-rwxr-xr-x. 1 root
root 610 Jan 8 2014 make-dummy-cert-rw-r--r--. 1 root
root 2242 Jan 8 2014 Makefile[root@ob1d-ddndrp225a certs]#
pwd/etc/ssl/certs"
0
Answers
-
Does this mean that the certificate would need to be appended to the existing certificates under /etc/ssl/certs (i.e. ca-bundle.trust.crt)? (We have done this, but EZD still doesn't seem to be using our certs).
I could not find any way to configure EZD to point to a specific certificate (i.e. pem).
0 -
Hello @bill.harding,
Please see additional info from development team:
The current EZD release is doing some basic certificate
authentication against the default system CA store. Unfortunately, there
is essentially 0 consistency or standards for where the default system CA store
is installed for Linux. So unfortunately, this is a per-distribution(and
probably per-distro-version) operation.Some info here:
and here(this covers redhat 6 and 7, at least):
https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/0
Categories
- All Categories
- 6 AHS
- 39 Alpha
- 162 App Studio
- 4 Block Chain
- 5 Bot Platform
- 17 Connected Risk APIs
- 47 Data Fusion
- 30 Data Model Discovery
- 608 Datastream
- 1.3K DSS
- 577 Eikon COM
- 4.9K Eikon Data APIs
- 7 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- Trading API
- 2.7K Elektron
- 1.3K EMA
- 236 ETA
- 519 WebSocket API
- 33 FX Venues
- 10 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 20 Messenger Bot
- 2 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 59 Open Calais
- 264 Open PermID
- 39 Entity Search
- 2 Org ID
- PAM
- PAM - Logging
- 8.4K Private Comments
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 20 RDMS
- 1.4K Refinitiv Data Platform
- 370 Refinitiv Data Platform Libraries
- 3 Refinitiv Due Diligence
- LSEG Due Diligence Portal API
- 3 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.1K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 10 World-Check Customer Risk Screener
- 990 World-Check One
- 44 World-Check One Zero Footprint
- 45 Side by Side Integration API
- Test Space
- 3 Thomson One Smart
- 1.2K TR Internal
- Global Hackathon 2015
- 2 Specialists Who Code
- 10 TR Knowledge Graph
- 150 Transactions
- 142 REDI API
- 1.7K TREP APIs
- 4 CAT
- 21 DACS Station
- 117 Open DACS
- 1.1K RFA
- 103 UPA
- 172 TREP Infrastructure
- 224 TRKD
- 886 TRTH
- 5 Velocity Analytics
- 5 Wealth Management Web Services
- 60 Workspace SDK
- 9 Element Framework
- 5 Grid
- 13 World-Check Data File
- Yield Book Analytics
- 46 中文论坛