Set up an SSL Connection

You can set up Secure Sockets Layer (SSL) connections for IDOL server in a number of ways. For example, you can:
* Configure an SSL gateway. You configure incoming communications to IDOL server to use SSL connections, but communications between components within IDOL server are plain.
* Configure SSL between all IDOL components in a unified IDOL server. All communications into IDOL, and between components, are configured with SSL connections.

In all cases the basic principle of configuring SSL is the same, but the exact configuration varies.

To configure SSL connections

1. Set the SSLConfig parameter to the name of the section in which you define SSL options. The configuration sections where you set SSLConfig vary depending on your setup. In general:
   * For incoming ACI calls, set the SSLConfig parameter in the [Server] section.
   * For incoming Index actions, set the SSLConfig parameter in the [IndexServer] section.
   * For incoming Service actions, set the SSLConfig parameter in the [Service] section.
   * For outgoing ACI calls to IDOL components, set the SSLConfig parameter in each component section. For example, [AgentDRE].

   For example:

   [Server]
   SSLConfig=SSLOption1

2. For each SSLOption you define, create a new configuration section to contain the SSL options.

   For example:

   [SSLOption1]

3.
   * SSLMethod: Determines which SSL protocol to use: SSLV2, SSLV3, SSLV23, or TLSV1. In most cases, SSLV23 is appropriate.
   * SSLCertificate: The SSL certificate file to use to identify this component to a peer. It can be in either ASN1 or PEM format; however, Autonomy recommends using the PEM format. This parameter requires a matching SSLPrivateKey value.
   * SSLPrivateKey: The private security key for the SSL certificate. It can be in either ASN1 or PEM format. This parameter requires a matching SSLCertificate value. The private key can be password protected. See SSLPrivateKeyPassword.
   * SSLCACertificate: The Certificate Authority (CA) certificate. It indicates that this component trusts only communication with a peer offering a certificate signed by the specified CA(s).
   * SSLCheckCertificate: Setting SSLCACertificate implicitly sets this to true. If it is set to false, the component encrypts communications, but does not request certificates from peers.
   * SSLCheckCommonName: Determines whether the hostname listed in the peer certificate (that is, the CommonName or “CN” attribute) resolves to the same IP address as the peer itself, as determined by the network connection. This parameter helps verify the identity of the peer. For example, if the hostname in a certificate is eip.autonomy.com and resolves to an IP address of 12.3.4.56, then the peer must share the same IP address.
   * SSLPrivateKeyPassword: If the file defined in SSLPrivateKey is password protected, use this parameter to specify the password. The password can be in plain text or in basic or AES encryption format.
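
A configuration check for the procedure above, as an added example that is not part of the original documentation: it follows each SSLConfig reference to its options section and reports settings that weaken or break the connection. The sample configuration and its file names are constructed; SSLMethod and SSLCheckCertificate are the IDOL parameter names for the protocol and peer-certificate settings described in step 3, and the code assumes the configuration file parses as plain INI text.

```python
import configparser

# Constructed sample configuration; section and file names are illustrative.
SAMPLE = """\
[Server]
SSLConfig=SSLOption1
[IndexServer]
SSLConfig=SSLOption2
[AgentDRE]
SSLConfig=SSLOption3
[SSLOption1]
SSLMethod=SSLV3
SSLCertificate=host.crt
SSLCheckCertificate=false
[SSLOption2]
SSLMethod=SSLV23
SSLCertificate=host.crt
SSLPrivateKey=host.key
SSLCACertificate=ca.crt
"""

def audit_ssl_config(text):
    """Return (referencing section, SSL options section, problem) tuples."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(text)  # configparser lower-cases option names
    refs = [(s, cfg[s]["sslconfig"]) for s in cfg.sections() if "sslconfig" in cfg[s]]
    findings = []
    for section, ref in refs:
        if not cfg.has_section(ref):
            findings.append((section, ref, "SSLConfig names an undefined section"))
            continue
        opts = cfg[ref]
        # SSL 2.0 and SSL 3.0 are obsolete protocol versions.
        if opts.get("sslmethod", "").upper() in ("SSLV2", "SSLV3"):
            findings.append((section, ref, "obsolete protocol in SSLMethod"))
        # The certificate and its private key each require the other.
        if ("sslcertificate" in opts) != ("sslprivatekey" in opts):
            findings.append((section, ref, "SSLCertificate and SSLPrivateKey not paired"))
        # Explicit false: traffic is encrypted, but peers are not asked for certificates.
        if opts.get("sslcheckcertificate", "").lower() == "false":
            findings.append((section, ref, "peer certificates are not requested"))
        # Without a CA certificate, trust is not limited to peers signed by a known CA.
        if "sslcacertificate" not in opts:
            findings.append((section, ref, "no SSLCACertificate set"))
    return findings

if __name__ == "__main__":
    for finding in audit_ssl_config(SAMPLE):
        print(*finding, sep=": ")
```

On the sample, [Server] yields four findings through SSLOption1, [AgentDRE] yields one because SSLOption3 is never defined, and [IndexServer] passes.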