Following a conversation on a DataPower developerworks forum, I have decided to write a dedicated post in my blog.
DataPower is a highly secured device. Until recently I was under the impression, that once a digital certificate was uploaded to DataPower, it cannot be downloaded. Boy, I was wrong. The following section is a step by step guide to download certificates from a DataPower appliance:
|
Tested on IDG Virtual Edition, XI52 physical appliance, and other appliances. Not tested on appliances with enabled Common Criteria.
It can also be achieved using SOMA API function, and in one of my projects we've created a GUI for downloading certificates from DataPower.
It is important to state that since there is nothing wrong having certificates and public keys freely accessible, this doesn't make DataPower vulnerable, especially hence one still needs credentials to log into the appliance.
Fell free to reach out with any question.
Gosha
No comments:
Post a Comment