There are several ways to set up Secure Socket Layer (SSL) connections for HPE IDOL Server. For example, you can:
Configure an SSL gateway. You configure incoming communications to HPE IDOL Server to use SSL connections, but communications between components in HPE IDOL Server are plain.
Configure SSL between all HPE IDOL components in a unified HPE IDOL Server. All communications into HPE IDOL, and between components, are configured with SSL connections.
Configure SSL between stand-alone HPE IDOL components.
In all cases the basic principle of configuring SSL is the same, but the exact configuration varies.
Set the SSLConfig parameter to the name of the section in which you define SSL options. The configuration sections where you set SSLConfig vary depending on your setup. In general:
For incoming ACI calls, set the SSLConfig parameter in the [Server] section.
For incoming Index actions, set the SSLConfig parameter in the [IndexServer] section.
For incoming Service actions, set the SSLConfig parameter in the [Service] section.
For outgoing ACI calls to HPE IDOL components, set the SSLConfig parameter in each component section. For example, [AgentDRE].
For example:
[Server]
SSLConfig=SSLOption1
For each SSLOption you define, create a new configuration section to contain the SSL options.
For example:
[SSLOption1]
Within each SSL options section, you can specify the following SSL parameters:
| Parameter | Description |
|---|---|
| SSLMethod | Determines which SSL protocol to use: SSLV3, TLSV1, TLSV1.2, or Negotiate, which uses the highest protocol supported by both client and server. HPE recommends that you use TLSV1.2, unless interoperability with older systems requires use of less secure protocols. |
| SSLCertificate | The SSL Certificate file to use to identify this component to a peer. The certificate can be in either ASN1 or PEM format. HPE recommends that you use the PEM format. This parameter requires a matching SSLPrivateKey value. |
| SSLPrivateKey | The private security key for the SSL certificate. The security key can be in either ASN1 or PEM format. This parameter requires a matching SSLCertificate value. The private key can be password protected. See SSLPrivateKeyPassword. |
| SSLCACertificate | The Certificate Authority certificate indicating that this component trusts only communication with a peer that offers a certificate signed by the specified CAs. |
| SSLCheckCertificate | Requests a certificate signed by a trusted authority from peers. Setting |
| SSLCheckCommonName | Determines whether the host name listed in the peer certificate (that is, the CommonName or “CN” attribute) resolves to the same IP address as the peer itself, as determined by the network connection. This parameter helps verify the identity of the peer. For example, if the host name in a certificate is |
| SSLPrivateKeyPassword | If the file defined in SSLPrivateKey is password protected, use this parameter to specify the password. The password can be in plain text or in basic or AES encryption format. |
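The following Python check is an added example, not HPE code or part of the original documentation. It audits a configuration for three rules stated above: every SSLConfig value must name a defined section, SSLMethod should be TLSV1.2, and SSLCertificate and SSLPrivateKey must appear together. It assumes INI-like syntax with `//` comment lines and case-insensitive names; the sample configuration and its file names are constructed.

```python
# Added example, not HPE code. Assumptions: INI-like syntax, "//" comment lines,
# case-insensitive names. SAMPLE is constructed; its file names are hypothetical.
import re

SAMPLE = """\
[Server]
SSLConfig=SSLOption1
[IndexServer]
SSLConfig=SSLOption2
[Service]
SSLConfig=SSLOption3
[SSLOption1]
SSLMethod=TLSV1.2
SSLCertificate=host1.crt
SSLPrivateKey=host1.key
[SSLOption2]
SSLMethod=SSLV3
SSLCertificate=host1.crt
"""

def parse_sections(text):  # -> {section: {parameter: value}}, names lower-cased
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line and not line.startswith("//"):
            name, value = line.split("=", 1)
            current[name.strip().lower()] = value.strip()
    return sections

def audit_ssl(text):
    """Return sorted (section, finding) tuples for every section that sets SSLConfig."""
    sections, findings = parse_sections(text), []
    refs = {n: p["sslconfig"] for n, p in sections.items() if "sslconfig" in p}
    for name, target in refs.items():
        opts = sections.get(target.lower())
        if opts is None:  # SSLConfig names a section that was never defined
            findings.append((name, f"SSLConfig={target} has no [{target}] section"))
            continue
        method = opts.get("sslmethod", "unset")
        if method.upper() != "TLSV1.2":  # the documentation recommends TLSV1.2
            findings.append((name, f"SSLMethod={method}, expected TLSV1.2"))
        if ("sslcertificate" in opts) != ("sslprivatekey" in opts):
            findings.append((name, "SSLCertificate and SSLPrivateKey must be set together"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_ssl(SAMPLE), sep="\n")
```

An unset SSLMethod is reported as well, because the check expects TLSV1.2 to be stated explicitly; relax that test if your deployment relies on a documented default.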