Setting up the TLS Pool
Until the TLS Pool is well integrated into distributions, you will have to install it by hand. This means that you will go through the full procedure, without shortcuts. The TLS Pool is a paradigm shift in how secure connections are handled, so the work unfolds in a number of steps.
In the following, we will go through these steps:
- Prepare the system for the upcoming install of the TLS Pool
- Prepare PKCS #11 for storage of private and secret keys
- Set up databases for storage of dynamic data
- Set up server certificates on the server end, if needed
- Set up server PGP keys on the server end, if needed
- Set up client certificates on the client end, if needed
- Set up client PGP keys on the client end, if needed
- Set up trust anchors on either end
- Set up the TLS Pool daemon by configuring and running it
- Set up dynamic reconfiguration through a PulleyBack script
The process will feel a bit complex the first time through. Rest assured that the concepts may be new, but they are in no way a waste of your time.
The extra work of going through PKCS #11 in particular is new to many and may feel like ballast, but it yields so much flexibility and control over security levels, and even over distribution matters, that the learning experience can usually be considered time well spent, at least in retrospect.
Testdata is a directory in the TLS Pool distribution that already automates much of this work, but it is geared towards giving developers a head start and is not meant for users. You may find it useful to inspect its Makefile, which creates many of the credentials, databases and so on automatically.