When you deploy Nexus Timestamp Server, you must consider a number of network and security issues, especially if the server is exposed externally. This article gives a list of some actions to be considered when deploying Nexus Timestamp Server.
- If Nexus Timestamp Server is exposed externally:
- make sure that it resides behind a properly configured firewall.
- use an HTTP proxy/filter to filter invalid or suspicious HTTP traffic.
- If you require authentication, TLS must be enabled.
- If you use the built-in TLS functionality of Nexus Timestamp Server, replace the example TLS key.
- If you use TLS, make sure that Nexus Timestamp Server has access to external OCSP and/or LDAP servers for certificate revocation purposes.
- Set the log level for the default log to WARNING or INFO and make sure that there is enough disk space to hold the logs.
- Make sure that the service configuration is correct and replace all example keys.