Remote access
Secure remote NanoTAP access is provided over Secure Sockets Layer (SSL) transport with mutual (client/server) X.509v3 certificate authentication between the TAP client and TAP server modules. Plain TCP connections are also supported, but all of the TCP connection code is guarded by the compiler flag __DISABLE_TAP_SECURE_CONNECTION__, so non-secure connections can only be enabled explicitly. The server configuration file also has an entry that allows non-SSL communication (enableunsecurecomms=1). Therefore, even if a build disallows non-secure connections, an administrator may still enable them in the configuration file.
Example configuration files
Note
These samples are provided as examples only. Do not use them in your configuration. Instead, refer to the configuration format specified in your release distribution.
An example server configuration file, taps.config, is as follows:
# Port on which the TAP Server listens
serverport=8564

# Enable / Disable SSL mutual authentication (1 = enable; 0 = disable)
# Be aware that mutual authentication also requires a certificate on the client side.
enablemutualauthentication=1

# File path to server certificate in DER format
sslcertificatefile=/usr/local/mocana/cert.der

# File path to server Key in DER format
sslcertificatekeyfile=/usr/local/mocana/certkey.der

# File path(s) to Root CA certificate(s) in DER format
sslrootcertificatefile=/usr/local/mocana/rootca1cert.der
sslrootcertificatefile=/usr/local/mocana/rootca2cert.der
sslrootcertificatefile=/usr/local/mocana/rootca3cert.der

# Disable SSL, allowing unsecure communication
# If this is set to 1, all data is sent as plaintext, including all passwords/secrets.
# Thus, we strongly recommend this only be set for testing in non-production environments.
enableunsecurecomms=0

# Available module. List a conf file here for each supported module.
# The .conf file extension is assumed and should not be included.
module=tpm_0
module=tpm_1
module=tpm2_0
module=tpm2
An example configuration file for a TPM 2.0 module is as follows:
# TPM 2.0 configuration file
providerType=3

[module]
modulename=localhost
moduleport=6543
moduleidstr=49774ce7b246584b462fa2fe962f444074242a6a20906051b2521f9f6c78ba32
modulenum=1
credfile=default-creds.tpm2
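As an added example (not code from the NanoTAP project or its documentation), the following Python script parses the key=value format shared by both sample files above, the taps.config server file and the TPM 2.0 module file with its [module] section, and flags the settings the text warns about: enableunsecurecomms=1 and a server that does not require client certificates. The key names are taken from the samples; the audit rules, the treatment of a missing boolean key as "not enabled", and the sample configurations embedded in the script are this example's own assumptions.

```python
"""Parse and audit NanoTAP-style key=value configuration files.

Added example: this is not code from the NanoTAP project. Key names are
taken from the sample files in the text; the audit rules and the embedded
sample configurations are this example's own constructions.
"""

# Keys that legitimately repeat; every occurrence is kept, in file order.
MULTI_VALUE_KEYS = {"sslrootcertificatefile", "module"}


def parse_taps_config(text):
    """Parse '#'-commented key=value lines with optional [section] headers.

    Returns {section_name: {key: value}}. Keys before any header live under
    the "" section. Keys in MULTI_VALUE_KEYS map to a list of values; for
    any other repeated key the last occurrence wins (assumed behaviour).
    A '#' anywhere on a line starts a comment, so values cannot contain '#'.
    """
    sections = {"": {}}
    current = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected key=value, got {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        if key in MULTI_VALUE_KEYS:
            sections[current].setdefault(key, []).append(value)
        else:
            sections[current][key] = value
    return sections


def audit_server_config(sections):
    """Return (severity, message) findings for a parsed taps.config.

    A missing boolean key is treated as not enabled; that default is an
    assumption of this example, not documented NanoTAP behaviour.
    """
    top = sections.get("", {})
    findings = []
    if top.get("enableunsecurecomms", "0") == "1":
        findings.append(("HIGH", "enableunsecurecomms=1: TAP traffic, including "
                                 "passwords/secrets, is sent in plaintext"))
    if top.get("enablemutualauthentication", "0") != "1":
        findings.append(("HIGH", "enablemutualauthentication is not 1: TAP clients "
                                 "are not required to present a certificate"))
    for key in ("sslcertificatefile", "sslcertificatekeyfile"):
        if key not in top:
            findings.append(("HIGH", f"{key} is missing: server has no SSL identity"))
    if not top.get("sslrootcertificatefile"):
        findings.append(("HIGH", "no sslrootcertificatefile: no trust anchor for "
                                 "validating client certificates"))
    if not top.get("module"):
        findings.append(("INFO", "no module entries: the server exposes no TAP modules"))
    return findings


# Constructed sample modelled on the secure server configuration in the text.
SECURE_SAMPLE = """\
# Port on which the TAP Server listens
serverport=8564
enablemutualauthentication=1
sslcertificatefile=/usr/local/mocana/cert.der
sslcertificatekeyfile=/usr/local/mocana/certkey.der
sslrootcertificatefile=/usr/local/mocana/rootca1cert.der
sslrootcertificatefile=/usr/local/mocana/rootca2cert.der
sslrootcertificatefile=/usr/local/mocana/rootca3cert.der
enableunsecurecomms=0
module=tpm_0
module=tpm2_0
"""

# Constructed sample with the two settings weakened (plaintext allowed,
# client certificates no longer required).
WEAK_SAMPLE = (SECURE_SAMPLE
               .replace("enableunsecurecomms=0", "enableunsecurecomms=1")
               .replace("enablemutualauthentication=1", "enablemutualauthentication=0"))

# Constructed sample modelled on the TPM 2.0 module file in the text;
# the module id is a placeholder, not a real identifier.
TPM2_SAMPLE = """\
# TPM 2.0 configuration file
providerType=3
[module]
modulename=localhost
moduleport=6543
moduleidstr=0000000000000000000000000000000000000000000000000000000000000000  # placeholder
modulenum=1
credfile=default-creds.tpm2
"""

if __name__ == "__main__":
    for name, sample in (("secure", SECURE_SAMPLE), ("weak", WEAK_SAMPLE)):
        findings = audit_server_config(parse_taps_config(sample))
        print(f"{name}: {len(findings)} finding(s)")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
    print("tpm2 module:", parse_taps_config(TPM2_SAMPLE)["module"])
```

Running the script audits the secure sample (no findings) and the weakened one (two HIGH findings), then prints the parsed [module] section of the TPM 2.0 file. Point the parser at a deployed taps.config before a release to catch a non-production enableunsecurecomms=1 that was never reverted.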