Monday, November 10, 2014

SSL proxy in DataPower

Secure Sockets Layer (SSL) is a security enhancement that establishes encrypted communication between a web browser and a web server.
Let's look at the difference between the HTTP and HTTPS protocols before going to the SSL proxy configuration.

HTTP:
Hypertext Transfer Protocol is an application-level, stateless protocol used for data transmission over the World Wide Web. Its three main features are that it is connectionless, media independent and stateless.
HTTPS:
Hypertext Transfer Protocol Secure is the secure version of HTTP. HTTPS encrypts the session using a digital certificate. Secure Sockets Layer is the sub-layer that runs under regular HTTP. SSL encrypts and decrypts the information passed using public and private keys. Websites that need to transfer sensitive data use this protocol to avoid man-in-the-middle attacks.
SSL proxy profile:
An SSL proxy profile can be assigned to a web service proxy, multi-protocol gateway or web application firewall when you need to secure the communication between the clients, the service and the remote server. The crypto profile objects in the SSL proxy profile define how that communication takes place.
Steps to create the SSL Proxy
  • Open Object -> Crypto Configuration -> SSL Proxy Profile
  • Name the proxy
  • SSL direction: to secure communication with requesting clients it is reverse SSL; to secure communication with the remote server it is forward SSL; to secure communication with both the clients and the remote server it is both
  • Create a crypto profile which holds the validation and identity credentials

1. Name the profile
2. Identity credentials use the crypto key and certificate with which the profile identifies itself to the remote server, which authenticates the user
3. Validation credentials use the crypto certificates that authenticate the certificate sent by the remote server
4. Leave the rest of the options as default
  • You can leave the rest of the options as defaults

Assign this to the gateway, proxy or firewall object to enable communication over SSL.
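The steps above leave two gaps that are easy to miss: a reverse crypto profile with no identity credentials, and a forward crypto profile with no validation credentials. The following check is an added example, not DataPower code or part of the original post; the class, field and sample names are hypothetical, and it assumes, as the steps describe, that validation credentials are what authenticate the remote server's certificate.

```python
# Added example: every name here is hypothetical, not a DataPower identifier.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class CryptoProfile:
    name: str
    idcred: Optional[str] = None   # identity credentials: crypto key + certificate
    valcred: Optional[str] = None  # validation credentials: trusted certificates

@dataclass
class SSLProxyProfile:
    name: str
    direction: str                           # "reverse", "forward" or "both"
    reverse: Optional[CryptoProfile] = None  # faces the requesting clients
    forward: Optional[CryptoProfile] = None  # faces the remote server

def audit(proxy: SSLProxyProfile) -> List[str]:
    """Return findings for gaps that break or weaken the SSL proxy profile."""
    if proxy.direction not in ("reverse", "forward", "both"):
        return [f"{proxy.name}: unknown SSL direction {proxy.direction!r}"]
    findings = []
    if proxy.direction in ("reverse", "both"):
        cp = proxy.reverse
        if cp is None:
            findings.append(f"{proxy.name}: reverse direction has no crypto profile")
        elif not cp.idcred:
            # Without a key and certificate there is nothing to present to clients.
            findings.append(f"{cp.name}: no identity credentials to present to clients")
    if proxy.direction in ("forward", "both"):
        cp = proxy.forward
        if cp is None:
            findings.append(f"{proxy.name}: forward direction has no crypto profile")
        elif not cp.valcred:
            # The remote server's certificate would be accepted unchecked, which
            # leaves the man-in-the-middle exposure that HTTPS is meant to close.
            findings.append(f"{cp.name}: remote server certificate is not validated")
    return findings

# Constructed sample: direction "both", forward profile lacks validation credentials.
SAMPLE = SSLProxyProfile(
    "demo-proxy", "both",
    reverse=CryptoProfile("demo-rev", idcred="demo-idcred"),
    forward=CryptoProfile("demo-fwd", idcred="demo-idcred"),
)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Giving the forward profile a `valcred` value clears the finding for the sample.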
SSL Proxy profile



Crypto profile: