Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Advanced junction configuration > Mutually authenticated SSL junctions - Pg. 148

Stateful junctions Junction throttling Supporting not case-sensitive URLs Junctioning to the Windows file systems 4.8.1 Mutually authenticated SSL junctions If necessary, WebSEAL can authenticate itself to a junctioned server using either server certificates or BA authentication. When using an SSL communication channel for this junction (­t ssl or ­t sslproxy), WebSEAL and the junctioned server can also mutually authenticate each other. This is very important in order to establish the trust relationships between WebSEAL and back-end Web application servers. The following outline summarizes the supported functionality for mutual authentication over SSL: 1. WebSEAL authenticates the back-end server (normal SSL process). a. WebSEAL validates the server certificate from the back-end server. In order to do this, WebSEAL needs to have information about the certificate from the back-end server. WebSEAL stores all certificates into the pdsvr.kdb database. GSKit tool can be used to manage those certificates. Use this tool to import the Certificate Authority (CA)