Secure Sockets Layer (SSL)
The SSL protocol of the Integrity Lifecycle Manager Agent provides robust security for access across the Internet. When users connect through SSL, the connection ensures privacy, authentication, and message integrity.
The SSL protocol enables encrypted, authenticated communication across the Internet. In an SSL connection, the Integrity Lifecycle Manager Agent must have a security certificate. Each side then encrypts the data it sends, ensuring the information can only be read by the intended recipient.
The Integrity Lifecycle Manager Agent complies with US Encryption Export Control Regulations. By default, the encryption strength for SSL is 128-bit.
To use the Integrity Lifecycle Manager Agent with SSL enabled, you must obtain a certificate for the machine running the Integrity Lifecycle Manager Agent. If you have an existing certificate, you can use it by importing it into the keystore (see “Configuring Integrity Lifecycle Manager Agent for Your Integrity Server”). To create a new certificate to be signed by a Certificate Authority (CA) such as VeriSign (http://www.verisign.com), see “Creating Signed Integrity Lifecycle Manager Agent Certificates”.
The following are possible scenarios for using Integrity Lifecycle Manager Agent certificates:
• Generating a new certificate
◦ Certificate is being signed by a well-known CA.
◦ Certificate is being signed by a CA that may not be well-known.
◦ You are using the new certificate as self-signed.
• Importing an existing certificate
◦ Certificate was signed by a well-known CA.
◦ Certificate was signed by a CA that may not be well-known.
◦ Certificate was self-signed.
Enabling SSL
Before you can secure SSL connections, you must get an Integrity Lifecycle Manager Agent certificate for the machine running the Integrity Lifecycle Manager Agent. If you have an existing Integrity Lifecycle Manager Agent certificate, see “Integrity Lifecycle Manager Agent Configuration”.
You must have the signed certificate available when enabling SSL connections or the Integrity Lifecycle Manager Agent cannot start.
SSL connections are enabled when you configure the appropriate property keys in:
installdir\config\properties\agent.properties
where installdir is the Integrity Lifecycle Manager Agent installation directory.
To enable SSL, set the following property key:
mksagent.secure.port=<SSL port number>
A value of 0 disables the SSL connection.
You must also set a password for the following property key:
mksagent.privatekey.password=<keystore password>
where <keystore password> is the password used during certificate creation (see “Creating Signed Integrity Lifecycle Manager Agent Certificates”).
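The following check is an added example, not part of the product or its documentation: it reads the text of agent.properties and reports settings that would leave SSL disabled or incomplete before the agent is started. Only the two property keys come from this page; the function names, the sample port 31443, and the sample files are constructed for illustration, and the parser assumes simple key=value lines.

```python
# Added example: pre-start check of the SSL settings in agent.properties.
# Only the two property keys are from the page; all other names are illustrative.

def parse_properties(text):
    """Parse simple key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_agent_ssl(text):
    """Return a list of problems that leave SSL disabled or misconfigured."""
    props = parse_properties(text)
    if "mksagent.secure.port" not in props:
        return ["mksagent.secure.port is not set"]
    port_raw = props["mksagent.secure.port"]
    try:
        port = int(port_raw)
    except ValueError:
        return [f"mksagent.secure.port is not a number: {port_raw!r}"]
    if port == 0:
        # The page states that a value of 0 disables the SSL connection.
        return ["mksagent.secure.port=0: SSL connection is disabled"]
    problems = []
    if not 1 <= port <= 65535:
        problems.append(f"mksagent.secure.port out of range: {port}")
    password = props.get("mksagent.privatekey.password", "")
    if not password:
        problems.append("mksagent.privatekey.password is not set")
    elif password.startswith("<") and password.endswith(">"):
        problems.append("mksagent.privatekey.password still holds a placeholder")
    return problems


# Constructed sample files (not taken from a real installation).
DISABLED = "mksagent.secure.port=0\n"
INCOMPLETE = "# agent settings\nmksagent.secure.port=31443\nmksagent.privatekey.password=\n"
COMPLETE = "mksagent.secure.port=31443\nmksagent.privatekey.password=example-only\n"

if __name__ == "__main__":
    for name, sample in [("disabled", DISABLED), ("incomplete", INCOMPLETE), ("complete", COMPLETE)]:
        print(name, check_agent_ssl(sample) or "ok")
```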