Alteon Application Switch Operating System Application Guide
Offloading SSL Encryption and Authentication
338 Document ID: RDWR-ALOS-V2900_AG1302
• Client Authentication Policy—Optionally, you can define a client authentication policy that
validates a client’s identity as part of the SSL handshake. In addition to defining the client
authentication policy, you must associate it to the SSL policy for it to take effect. For more
information, see Client Authentication Policies, page 343
.
A single client authentication policy can be reused across multiple SSL policies, and by extension
across multiple virtual services.
Note: The order of configuring these components is not important, as long that you eventually
enable and apply them all as a unified configuration at one time. This means that you can configure
one or more of them individually and then configure the remaining items at a later time.
SSL Policies
An SSL policy determines the behavior of the SSL or HTTPS service that it is associated with. The
SSL policy determines the following:
• Which SSL/TLS versions are allowed during handshake
• Which cipher suites are used during handshake and encryption
• Which intermediate Certificate Authority (CA) to use
• Which SSL information to pass to the back-end servers
• When and if to use HTTP protocol-based location redirection conversion from HTTP to HTTPS
• Whether to use back-end encryption
• Whether and how to use client authentication
• Whether to use SSL/TLS on the front-end connection
An single SSL policy can be associated to multiple virtual services if they share the same SSL
configuration.
For details on defining the SSL policy parameters, see the section on the
/cfg/slb/ssl/sslpol
menu in the Alteon Application Switch Operating System Command Reference.
Note: Alteon lets you explicitly select or deselect supported SSL and TLS protocol versions for the
front-end and back-end connections.
Certificate Repository
Certificates are digitally signed indicators that identify a server or a user. They are usually provided
in the form of an electronic key or value. The digital certificate represents the certification of an
individual business or organizational public key but can also be used to show the privileges and roles
for which the holder has been certified. It also includes information from a third-party verifying
identity. Authentication is needed to ensure that users in a communication or transaction are who
they claim to be.
A basic certificate includes:
• The certificate holder’s identity
• The certificate serial number
• The certificate expiry date
• A copy of the certificate holder’s public key
To Next Page
Loading...
