SSL must be enabled between the Access Gateway and the browsers before you can enable it between the Access Gateway and its Web servers.
In the Administration Console, click > > > > > .
To configure SSL, select .
This option is not available if you have not set up SSL between the browsers and the Access Gateway. See Section 14.3, Configuring SSL Communication with the Browsers and the Identity Server and select the field.
In the field, specify the port that your Web server uses for SSL communication. The following table lists some common servers and their default ports.
Configure how you want the certificate verified. The Access Gateway platforms support different options:
(Conditional) If you are configuring a Linux Access Gateway, select one of the following options:
(Conditional) If you are configuring a NetWare® Access Gateway, all the certificates in the certificate chain of the Web server must be in its trust store. To add these certificates to the trust store, click . Continue with Step 4.c.
The auto import screen appears.
If the Access Gateway is a member of a cluster, the cluster members are listed. The Web server certificate is imported into the trust stores of each cluster member.
Ensure that the IP address of the Web server and the port match your Web server configuration.
If these values are wrong, you have entered them incorrectly on the Web server page. Click Cancel and reconfigure them before continuing.
Click .
The server certificate, the Root CA certificate, and any certificate authority (CA) certificates from a chain are listed.
If the whole chain is not displayed, import what is displayed. You then need to manually import the missing parents in the chain. A parent is missing if the chain does not include a certificate where the Subject and the Issuer have the same CN.
Specify an alias, then click .
All the certificates displayed are added to the trust store.
Click .
(Optional) For mutual authentication, the Access Gateway platforms support different options:
(Conditional) If you are configuring a Linux Access Gateway, you need to select the certificate. Click the icon, select the certificate you created for the reverse proxy, then click .
This is only part of the process. You need to import the trusted root certificate of the CA that signed the proxy service’s certificate to the Web servers assigned to this proxy service. For instructions, see your Web server documentation.
(Conditional) If you are configuring a NetWare Access Gateway, the text box displays the certificate that is sent to the Web server if the Web server requires it. If the Web server is not set up for mutual SSL, the certificate is not sent.
To set up the Web server for mutual SSL, you need to import the trusted root certificate of the CA that signed the certificate displayed in the text box. For instructions, see your Web server documentation.
To save your changes to browser cache, click .
To apply your changes, click the link, then click > .
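The completeness rule from the auto import step (the chain is complete only if it includes a certificate whose Subject and Issuer have the same CN) can be checked before you import. The following Python sketch is an added example, not part of the product documentation; it assumes you ran `openssl x509 -noout -subject -issuer` on each listed certificate, and the sample names are constructed.

```python
import re

# Constructed sample: `openssl x509 -noout -subject -issuer` output for
# each certificate on the import screen, server certificate first.
SAMPLE = """\
subject=C = US, O = Example Corp, CN = web1.example.com
issuer=C = US, O = Example Corp, CN = Example Issuing CA
subject=C = US, O = Example Corp, CN = Example Issuing CA
issuer=C = US, O = Example Corp, CN = Example Root CA
"""

# CN attribute in either OpenSSL layout: "..., CN = x" or ".../CN=x".
CN_RE = re.compile(r"(?:^|[,/])\s*CN\s*=\s*([^,/\n]+)")

def _cn(dn):
    m = CN_RE.search(dn)
    return m.group(1).strip() if m else None

def parse_pairs(text):
    """Return [(subject_cn, issuer_cn), ...] in the order listed."""
    pairs, subject = [], None
    for line in text.splitlines():
        key, _, dn = line.partition("=")
        if key.strip() == "subject":
            subject = _cn(dn)
        elif key.strip() == "issuer" and subject is not None:
            pairs.append((subject, _cn(dn)))
            subject = None
    return pairs

def missing_parent(pairs):
    """Walk from the first (server) certificate toward the root.

    Returns None if the walk reaches a certificate whose Subject CN equals
    its Issuer CN; otherwise returns the CN of the parent to import manually.
    Compares CNs only, as the rule above does; it verifies no signatures.
    """
    if not pairs:
        raise ValueError("no certificates listed")
    by_subject = {s: i for s, i in pairs}
    subject, issuer = pairs[0]
    seen = set()
    while subject != issuer:
        if issuer not in by_subject or issuer in seen:  # absent or looping
            return issuer
        seen.add(subject)
        subject, issuer = issuer, by_subject[issuer]
    return None

if __name__ == "__main__":
    print(missing_parent(parse_pairs(SAMPLE)))
```
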