Configuring Security Services

Security Services provides Management & Control Services (MCS) with a secure port that implements Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0 support. Security Services also provides a proxy service, which redirects connections from secure clients outside the firewall to unsecured hosts inside the firewall.

Security Services, either with MCS or an MCS-managed server, is enabled by default. However, a secure (HTTPS) connection to the MCS console is required only if you select Require Encryption on the Authentication page.

You can use MCS to change Security Services settings as needed using the procedures below. In addition to the configuration options that you can change from MCS, you can edit several options in the SecurityGateway.properties file. For example, you can filter client access to authorized hosts only. For instructions, see Modifying the SecurityGateway.properties File.

Before putting MCS into an SSL production environment, you must obtain and install a server site certificate. For instructions, see the procedure for obtaining and installing a server site certificate.

To configure Security Services for MCS
In the MCS selection panel, point to MCS Functions and then click MCS Security. The MCS Security tree appears. In the MCS Security tree, click Security Services. The Security Services Configuration page appears in the MCS management panel. Change any settings on the Security Services Configuration page as needed. For details on these options, click Help in the upper-right corner of the page. Click Save. Restart the Web application server on which MCS is running to invoke your changes.

To configure Security Services for MCS

In the MCS selection panel, point to MCS Functions and then click MCS Security.
The MCS Security tree appears.
In the MCS Security tree, click Security Services.
The Security Services Configuration page appears in the MCS management panel.
Change any settings on the Security Services Configuration page as needed.
For details on these options, click Help in the upper-right corner of the page.
Click Save.
Restart the Web application server on which MCS is running to invoke your changes.

To configure Security Services for a server cluster
In the MCS selection panel, point to MCS Functions and then click Server Management. The Server Management tree appears. In the Server Management tree, click next to the cluster for which you want to configure Security Services, or double-click the cluster name, to expand the list of items. The cluster's tree appears. In the cluster's tree, click Security Services. The Security Services Configuration page appears in the MCS management panel. Change any settings on the Security Services Configuration page as needed. For details on these options, click Help in the upper-right corner of the page. Click Save. Any changes you make for the selected cluster affect all servers in that cluster. Restart the Web application server on which MCS is running to invoke your changes.

To configure Security Services for a server cluster

In the MCS selection panel, point to MCS Functions and then click Server Management.
The Server Management tree appears.
In the Server Management tree, click next to the cluster for which you want to configure Security Services, or double-click the cluster name, to expand the list of items.
The cluster's tree appears.
In the cluster's tree, click Security Services.
The Security Services Configuration page appears in the MCS management panel.
Change any settings on the Security Services Configuration page as needed.
For details on these options, click Help in the upper-right corner of the page.
Click Save.
Any changes you make for the selected cluster affect all servers in that cluster.
Restart the Web application server on which MCS is running to invoke your changes.


	Overview of Security Services
	Overview of Certificates
	Configuring a Client SSL Connection
	Obtaining and Installing Certificates
	Modifying the SecurityGateway.properties File