When you deploy Nexus Timestamp Server , you must consider a number of network and security issues, especially if the server is exposed externally. This article gives a list of some actions to be considered when deploying Nexus Timestamp Server.
-
If Nexus Timestamp Server is exposed externally:make sure that it resides behind a properly configured firewall.use an HTTP proxy/filter to filter invalid or suspicious HTTP traffic.
-
If you require authentication, TLS must be enabled.
-
If you use the built-in TLS functionality of Nexus Timestamp Server, replace the example TLS key.
-
If you use TLS, make sure that Nexus Timestamp Server has access to external OCSP and/or LDAP servers for certificate revocation purposes.
-
Set the log level for the default log to WARNING or INFO and make sure that there is enough disk space to hold the logs.
-
Make sure that the service configuration is correct and replace all example keys.