
Remote access

Secure remote NanoTAP access is provided over secure socket layer (SSL) transport using mutual (client/server) X.509v3 certificates between the TAP client and TAP server modules. Plain (non-SSL) TCP connections are also possible; however, all plain TCP connection code is guarded by the compiler flag __DISABLE_TAP_SECURE_CONNECTION__, so non-secure connections must be explicitly enabled at build time. The server configuration file also has an entry that allows non-SSL communication (enableunsecurecomms=1). Therefore, even if a build disallows non-secure connections, the administrator may still enable them in the configuration file.

Example configuration files

Note

These samples are provided as examples only. Do not use them in your configuration. Instead, refer to the configuration format specified in your release distribution.

An example server configuration file, taps.config, is as follows:

# Port on which the TAP Server listens
serverport=8564

# Enable / Disable SSL mutual authentication (1 = enable; 0 = disable)
# Be aware that mutual authentication also requires a certificate on the client side.
enablemutualauthentication=1

# File path to server certificate in DER format
sslcertificatefile=/usr/local/mocana/cert.der

# File path to server Key in DER format
sslcertificatekeyfile=/usr/local/mocana/certkey.der

# File path(s) to Root CA certificate(s) in DER format
sslrootcertificatefile=/usr/local/mocana/rootca1cert.der
sslrootcertificatefile=/usr/local/mocana/rootca2cert.der
sslrootcertificatefile=/usr/local/mocana/rootca3cert.der

# Disable SSL, allowing unsecure communication
# If this is set to 1, all data is sent as plaintext, including all passwords/secrets.
# Thus, we strongly recommend this only be set for testing in non-production environments.
enableunsecurecomms=0

# Available modules. List a .conf file here for each supported module.
# The .conf file extension is assumed and must not be included.
module=tpm_0
module=tpm_1
module=tpm2_0
module=tpm2

An example configuration file for a TPM 2.0 module is as follows:

# TPM 2.0 configuration file
providerType=3
[module]
modulename=localhost
moduleport=6543
moduleidstr=49774ce7b246584b462fa2fe962f444074242a6a20906051b2521f9f6c78ba32
modulenum=1
credfile=default-creds.tpm2
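The two files above use one simple format: key=value lines, full-line comments starting with #, keys that may repeat (sslrootcertificatefile), and an optional [section] header. The following is an added example, not Mocana's code or part of the NanoTAP distribution: a small linter that parses that format and flags the settings on this page that weaken transport security (enableunsecurecomms=1, mutual authentication switched off, missing certificate or root CA paths), plus basic sanity checks on a module .conf. The key names come from the page; the embedded sample file contents and the checks themselves are constructed for illustration.

```python
"""Added example (not NanoTAP/Mocana code): parse and lint taps.config-style
files.  Key names follow the page; sample contents below are constructed."""

import re
from collections import defaultdict

# Constructed sample mirroring the taps.config layout shown on the page.
SAMPLE_TAPS_CONFIG = """\
# Port on which the TAP Server listens
serverport=8564
enablemutualauthentication=1
sslcertificatefile=/usr/local/mocana/cert.der
sslcertificatekeyfile=/usr/local/mocana/certkey.der
sslrootcertificatefile=/usr/local/mocana/rootca1cert.der
sslrootcertificatefile=/usr/local/mocana/rootca2cert.der
enableunsecurecomms=0
module=tpm2_0
"""

# Constructed sample of a TPM 2.0 module .conf with its [module] section.
SAMPLE_MODULE_CONF = """\
providerType=3
[module]
modulename=localhost
moduleport=6543
moduleidstr=49774ce7b246584b462fa2fe962f444074242a6a20906051b2521f9f6c78ba32
modulenum=1
credfile=default-creds.tpm2
"""

HEX64 = re.compile(r"[0-9a-fA-F]{64}")


def parse_config(text):
    """Parse key=value lines into {section: {key: [values]}}.

    Keys before any [section] header land in section "".  Repeated keys
    (e.g. several sslrootcertificatefile lines) accumulate into a list.
    Lines beginning with '#' and blank lines are ignored.
    """
    data = defaultdict(lambda: defaultdict(list))
    section = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected key=value, got {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        data[section][key].append(value)
    return {sec: dict(kv) for sec, kv in data.items()}


def check_taps_config(cfg):
    """Return a list of findings about the server-side transport settings."""
    top = cfg.get("", {})
    findings = []

    def last(key, default=None):
        vals = top.get(key)
        return vals[-1] if vals else default  # last occurrence wins

    if last("enableunsecurecomms", "0") == "1":
        findings.append("enableunsecurecomms=1: SSL disabled, all traffic "
                        "including passwords/secrets is sent in plaintext")
    if last("enablemutualauthentication", "0") != "1":
        findings.append("enablemutualauthentication!=1: clients are not "
                        "required to present a certificate")
    for key in ("sslcertificatefile", "sslcertificatekeyfile"):
        if not last(key):
            findings.append(f"{key} missing: server has no certificate/key to present")
    if not top.get("sslrootcertificatefile"):
        findings.append("no sslrootcertificatefile: no trust anchor to "
                        "validate client certificates")
    if not top.get("module"):
        findings.append("no module entries configured")
    return findings


def check_module_conf(cfg):
    """Return a list of findings for a module .conf file."""
    mod = cfg.get("module", {})
    findings = []
    ids = mod.get("moduleidstr", [])
    if not ids or not HEX64.fullmatch(ids[-1]):
        findings.append("moduleidstr missing or not a 64-hex-digit identifier")
    port = mod.get("moduleport", [""])[-1]
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(f"moduleport {port!r} is not a valid TCP port")
    if not mod.get("credfile"):
        findings.append("credfile missing: module has no credential file")
    return findings


if __name__ == "__main__":
    for name, text, check in (("taps.config", SAMPLE_TAPS_CONFIG, check_taps_config),
                              ("tpm2_0.conf", SAMPLE_MODULE_CONF, check_module_conf)):
        for finding in check(parse_config(text)) or ["no findings"]:
            print(f"{name}: {finding}")
```

Because repeated keys are collected as lists, the linter treats the several sslrootcertificatefile entries as one trust store, while for single-valued flags it takes the last occurrence, so a stray second enableunsecurecomms=1 line appended to the end of a file is reported rather than masked.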