ICE SSL binding to DNS hostname

I want to bind a service to an SSL endpoint identified by the DNS name of the hosting box.

It looks like failing to specify -h in an endpoint definition, or specifying -h *, without specifying the Ice.Default.Host property, results in the endpoint being bound to the IP addresses on all network adapters (not the DNS host-name(s) corresponding to these addresses).

In my case, I want to connect to this SSL endpoint with a client whose IceSSL.CheckCertName=1. The subject alternative name in the certificate deployed to the box hosting the SSL endpoint contains the DNS name of the box. So I want my endpoint to look something like
IceStorm.Publish.Endpoints=ssl -h DNS_NAME_OF_BOX -p 10777

Is there a quick-and-dirty way to trigger the use of the DNS name of the box when defining an endpoint with the -h configuration? Or do I have to modify the endpoint definitions manually to bind to the DNS address?

Thanks

Dirk

Comments

  • mes (California)
    Hi Dirk,

    Object adapters support a PublishedEndpoints property in which you can specify exactly how the object adapter should advertise itself in proxies that it creates. Using your example, the property would look something like this:

    IceStorm.Publish.PublishedEndpoints=ssl -h DNS_NAME_OF_BOX -p 10777

    Take care,
    Mark
  • Thanks for the response.

    The PublishedEndpoints property will help me if I want to define a 'private' endpoint, but not expose it publicly.

    I'm talking about a way to override the default semantics of -h * to bind to a DNS address, not the IP address. In other words, how can I trigger the binding of an adapter to its hosting box's DNS name, short of modifying each of the adapter definitions (or writing a script to do so)?

    Thanks

    Dirk
  • mes (California)
    Hi Dirk,

    If I understand correctly, you'd prefer to avoid explicitly mentioning the hostname in the object adapter configuration, and you want the adapter to bind to the IP address returned by DNS and publish the hostname in proxies?

    If so, I'm afraid there currently isn't a way to get Ice to do what you want. Why is it that you don't want to mention the hostname?

    Thanks,
    Mark
  • That's about right. I don't care if the endpoint is only bound to the DNS name. In other words, I don't need both bindings, with only the DNS binding published. I would be happy with only the DNS binding.

    I am looking for a quick-and-dirty way of doing this without having to modify the adapter endpoints to explicitly include the DNS name. It does not sound like there is a way to override the -h * semantics to bind to the DNS name of all IP addresses on all adapters, as opposed to the IP addresses on all adapters.
  • mes (California)
    dhogan wrote:
    > It does not sound like there is a way to override the -h * semantics to bind to the DNS name of all IP addresses on all adapters, as opposed to the IP addresses on all adapters.

    That's correct.

    Take care,
    Mark
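
A script of the kind Dirk mentions, combined with the PublishedEndpoints property Mark describes, as an added example that is not part of the thread or of Ice itself: it reads a property file and, for every adapter whose Endpoints omit -h or use -h * (and Ice.Default.Host is unset), emits a PublishedEndpoints line carrying the DNS name that a client with IceSSL.CheckCertName=1 will compare against the certificate. The function names, the sample configuration and box.example.com are constructed; it assumes no IPv6 literals in endpoints and that the chosen name matches the certificate's subject alternative name.

```python
import re
import socket

# Matches "<Adapter>.Endpoints=<value>" but not "<Adapter>.PublishedEndpoints=".
_ENDPOINTS = re.compile(r"^\s*([\w.]+)\.Endpoints\s*=\s*(.+?)\s*$")
_HOST_OPT = re.compile(r"(?<!\S)-h\s+(\S+)")

def _publish_one(endpoint, fqdn, default_host_set):
    """Return one endpoint with its wildcard host replaced by fqdn."""
    m = _HOST_OPT.search(endpoint)
    if m:
        if m.group(1) != "*":
            return endpoint            # explicit host: already published as-is
        return endpoint[:m.start()] + "-h " + fqdn + endpoint[m.end():]
    if default_host_set:
        return endpoint                # Ice.Default.Host supplies the host
    proto, _, rest = endpoint.partition(" ")
    return " ".join(p for p in (proto, "-h " + fqdn, rest.strip()) if p)

def published_endpoints(config_text, fqdn=None):
    """Map each adapter whose Endpoints bind to all interfaces to the
    PublishedEndpoints line that advertises the DNS name instead."""
    # Assumption: socket.getfqdn() returns the name present in the certificate.
    fqdn = fqdn or socket.getfqdn()
    lines = config_text.splitlines()
    default_host_set = any(
        re.match(r"\s*Ice\.Default\.Host\s*=\s*\S", ln) for ln in lines)
    out = {}
    for line in lines:
        m = _ENDPOINTS.match(line)
        if not m:
            continue
        adapter, value = m.groups()
        eps = [e.strip() for e in value.split(":") if e.strip()]
        new = [_publish_one(e, fqdn, default_host_set) for e in eps]
        if new != eps:
            out[adapter] = "%s.PublishedEndpoints=%s" % (adapter, ":".join(new))
    return out

SAMPLE = """\
# constructed sample configuration
IceStorm.TopicManager.Endpoints=ssl -h * -p 10776
IceStorm.Publish.Endpoints=ssl -p 10777
Local.Endpoints=tcp -h 127.0.0.1 -p 10778
"""

if __name__ == "__main__":
    print("\n".join(published_endpoints(SAMPLE, "box.example.com").values()))
```

The adapters still bind to every interface; only the host name advertised in proxies changes, so the generated lines can be appended to the existing configuration without touching the Endpoints definitions.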