protocol keystone transport server
Connects a Keystone client to a specific Keystone server. This determines the location and mode of the proxy certificate generation. The SteelHead performing the certificate generation can be a server-side SteelHead (Default mode), a client-side SteelHead (Local mode), or another SteelHead (Remote mode). All transports are designed to transfer Keystone messages, but the actual implementation of the transport may vary. The most common type of transport in use with SteelHead is a TLS channel over a TCP socket.
Syntax
[no] protocol keystone transport server [default | local | remote ip <ip> {port <port> | ip-2 <ip-2> [port-2]}]
Parameters
default
Specifies no Keystone server override. The certificate generation and storage will take place on the server-side SteelHead.
local
Specifies local Keystone server override. The certificate generation and storage will take place on the client-side SteelHead.
remote ip <ip> {port <port> | ip-2 <ip-2> [port-2]}
Specifies the IP address of a remote Keystone server and/or backup remote server. You can designate a second remote server for failover capability using the ip-2 parameter. The certificate generation and storage will take place on a user-specified SteelHead.
Usage
The Keystone client selects the specific transport to handle each request. There may be multiple transports available, each one connected to a separate Keystone server. When selecting a transport, the Keystone client is effectively selecting which Keystone server to use. Because each Keystone server can serve only the certificates it has direct access to, transport selection determines which certificates are available.
Example
amnesiac (config) # protocol keystone transport server remote ip 1.2.3.4 port 7881
amnesiac (config) # show protocol keystone
Server transport override mode: remote
Server override remote ip: 1.2.3.4
Server override remote port: 7881
Server auto-sign enabled: yes
Server auto-sign current CA id:
Auto-signed cert key size: 2048
Auto-signed cert valid days: 365
Auto-signed cert limit: 1500
amnesiac (config) # protocol keystone transport server default
amnesiac (config) # show protocol keystone
Server transport override mode: default
Server override remote ip: 0.0.0.0
Server override remote port: 0
Server auto-sign enabled: yes
Server auto-sign current CA id:
Auto-signed cert key size: 2048
Auto-signed cert valid days: 365
Auto-signed cert limit: 1500
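Because the transport override decides which Keystone server, and therefore which certificates, a client uses, it is worth checking the running value against the intended one. The following Python sketch is an added example, not Riverbed code: it parses the show protocol keystone output shown above and reports drift. The function names and the intended-state arguments are hypothetical; the field labels are taken from the output on this page.

```python
import ipaddress

# Constructed sample: the first `show protocol keystone` output from the example above.
SAMPLE = """\
amnesiac (config) # show protocol keystone
Server transport override mode: remote
Server override remote ip: 1.2.3.4
Server override remote port: 7881
Server auto-sign enabled: yes
Server auto-sign current CA id:
Auto-signed cert key size: 2048
"""

MODES = ("default", "local", "remote")  # the three modes the command accepts


def parse_show_keystone(text):
    """Turn 'label: value' lines into a dict; prompt lines have no colon and are skipped."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields


def audit_transport(fields, want_mode, want_ip=None, want_port=None):
    """Return findings where the running transport differs from the intended one."""
    mode = fields.get("Server transport override mode")
    if mode not in MODES:
        return [f"missing or unrecognised override mode: {mode!r}"]
    findings = []
    if mode != want_mode:
        findings.append(f"override mode is {mode}, expected {want_mode}")
    if mode == "remote":
        ip = fields.get("Server override remote ip", "")
        port = fields.get("Server override remote port", "")
        try:
            if ipaddress.ip_address(ip).is_unspecified:
                findings.append("remote mode with an unspecified server address")
        except ValueError:
            findings.append(f"remote server address {ip!r} is not a valid IP")
        if want_ip is not None and ip != want_ip:
            findings.append(f"remote server is {ip}, expected {want_ip}")
        if want_port is not None and port != str(want_port):
            findings.append(f"remote port is {port}, expected {want_port}")
    return findings


if __name__ == "__main__":
    print(audit_transport(parse_show_keystone(SAMPLE), "remote", "1.2.3.4", 7881))
```

An empty list means the appliance is using the intended Keystone server; any finding means certificate generation and storage are taking place somewhere other than planned.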
Product
SteelHead
Related Commands
protocol keystone server auto-sign, show protocol keystone