Editing access manager properties to enable TLS

After you install certificates on the SafeLinx Administrator and the access manager, configure the access manager to require remote SafeLinx Administrator clients to use secure connections.

Before you begin

Before you can establish a secure connection between the SafeLinx Administrator and the access manager, you must use the GSKit to prepare X.509 certificates on both of them.

About this task

When certificates are in place on both endpoints, modify a few access manager settings to complete the TLS configuration.

By default, the access manager does not require SafeLinx Administrator sessions to use secure protocols. Enable the setting Force remote SafeLinx Administrator connections to use SSL to require secure connections.

The access manager properties specify the key database file that contains the access manager certificates, and the stash password file that contains the encrypted password. If you did not use the default files, edit these settings to reference the files where the items are stored.

You can also specify the TLS ciphers that the access manager uses to encrypt traffic.

The following procedure describes how to edit the access manager properties so that you can begin using TLS to secure the SafeLinx Administrator-access manager connection.

Procedure

  1. From the Resources page in the SafeLinx Administrator, right-click Access Manager, and then click Properties.
  2. On the Security page, click Force remote SafeLinx Administrator connections to use SSL to configure the access manager to accept only remote SafeLinx Administrator connections that use TLS.
  3. On the SSL page, review the entries in the fields File name of key database and File name of stash password. If you did not use the default key database and stash password files, type the names and full paths to the files where the access manager certificate and its stashed password are stored.
    The default key database file is wgmgrsd.trusted.kdb and the default stash password file is wgmgrsd.trusted.sth.
  4. On the SSL page, specify the ciphers to use to encrypt data that the access manager exchanges with the SafeLinx Administrator.
  5. From the SafeLinx Administrator, restart the SafeLinx Server.
    You must restart the SafeLinx Server to activate changes to certificates in the key database file.
  6. Close and restart the remote SafeLinx Administrator to test the connection.
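
The restart in step 5 only helps if the files named in step 3 are actually in place. The following added example (not part of the SafeLinx documentation or product) is a check to run on the access manager host before that restart: it confirms that the key database and stash password files exist, are non-empty, and are not accessible to group or other users. The owner-only permission policy is an assumption of this example, chosen because the stash file is what lets the key database be opened without a prompt; the function name and the paths in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: pre-restart check of the two files named on the SSL page.
# The owner-only permission rule is this example's assumption, not a
# documented SafeLinx requirement.

check_tls_store() {
    kdb=$1    # value of "File name of key database"
    sth=$2    # value of "File name of stash password"
    problems=0
    for f in "$kdb" "$sth"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f" >&2
            problems=$((problems + 1))
            continue
        fi
        if [ ! -s "$f" ]; then
            echo "EMPTY: $f" >&2
            problems=$((problems + 1))
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "TOO OPEN (group/other bits: $mode): $f" >&2
            problems=$((problems + 1))
        fi
    done
    # Succeed only when neither file raised a finding.
    [ "$problems" -eq 0 ]
}

# Usage: sh check_tls_store.sh /path/to/wgmgrsd.trusted.kdb /path/to/wgmgrsd.trusted.sth
if [ "$#" -eq 2 ]; then
    check_tls_store "$1" "$2" && echo "key database and stash file look sane"
fi
```

Pass the same full paths that are entered on the SSL page; a non-zero exit status means at least one finding was printed to standard error.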