14.0 Configuring the Access Gateway for SSL

SSL provides the following security features:

Authentication and nonrepudiation of the server through the use of digital signatures
Data confidentiality through the use of encryption
Data integrity through the use of authentication codes

Mutual SSL provides the same things as SSL, with the addition of authentication and nonrepudiation of the client, by using digital signatures.

To ensure the validity of X.509 certificates, Access Manager supports both Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) methods of verification.

This section describes how the Access Gateway can use SSL in its interactions with other Access Manager components, how you can enable SSL between an Access Gateway and these components, and how you can use other options to increase security:

Section 14.1, Using SSL on the Access Gateway Communication Channels
Section 14.2, Prerequisites for SSL
Section 14.3, Configuring SSL Communication with the Browsers and the Identity Server
Section 14.4, Configuring SSL between the Proxy Service and the Web Servers
Section 14.5, Managing Access Gateway Certificates
Section 14.6, Configuring the Encryption Key
Section 14.7, Enabling Secure Cookies