Securing communications between the SafeLinx Administrator and the access manager

By default, the SafeLinx Administrator communicates with the access manager over an unencrypted connection. If you run SafeLinx Administrator from a computer that is remote to the SafeLinx Server, you can use TLS protocols to encrypt communications between the two nodes. Use the GSKit to manage the X.509 certificates that you need to establish a secure SafeLinx Administrator session.

About this task

To support secure TLS connections from SafeLinx Administrator clients, you install a set of public key certificates in an access manager key database file. The default key database file is wgmgrsd.trusted.kdb. You can use the default key database, or create your own key database file.

To force remote SafeLinx Administrator clients to use a TLS connection, configure the access manager to accept remote connections that use TLS only.

Procedure

  1. Obtain a certificate and add it to the access manager key database on the SafeLinx Server server .
    For information about obtaining a certificate from a third-party certificate authority, see Requesting an X.509 certificate from a third-party certificate authority. For information about adding certificates to a key database file, see Adding certificates to a key database file.
  2. Transfer the signer certificate to the computer that runs SafeLinx Administrator.
    • If you obtained a third-party certificate, transfer the signer certificate file to the SafeLinx Administrator computer.
      Note: The default key database file that is installed with the SafeLinx Administrator might include a signer certificate for the CA from which you received your personal certificate. However, it is best to use the version of the signer certificate that you receive from the CA.
    • If you created a self-signed certificate, extract the certificate to a file and then copy the file to the SafeLinx Administrator computer.
  3. Browse for the certificate file that you want to add and click OK.
  4. Type a label for the certificate, then click OK.

What to do next

To complete the TLS configuration, edit the access manager properties to require secure SafeLinx Administrator connections and specify the key database and stash password files.