8.3.3. Procedure – Enabling SSL encryption in HTTP

Purpose: 

To enable SSL encryption, perform the following steps. This setting either enforces SSL encryption, or accepts both HTTP and HTTPS requests.

Figure 8.3. HTTP Control > Connections > SSL Settings — Enabling SSL encryption in HTTP

Steps: 

  1. In SSL Settings, select Permit HTTPS traffic. To control plain HTTP traffic with the same connection policy, enable Allow HTTP traffic.

  2. Select the certificate to show to the clients.

    • To use the same certificate for every session, select Use the same certificate for each connection.

      Note

      When using the Use the same certificate for each connection option and the connection policy allows access to multiple servers using HTTPS, the client browsers will display a warning because the certificate used in the connection will be invalid: the Common Name of the certificate will not match the hostname or IP address of the server.

    • To use a separate certificate for every session, complete the following steps.

      1. Create a certificate authority that will be used to sign the certificates that PSM shows to the server. For details, see Procedure 7.12, Signing certificates on-the-fly.

      2. Select Bridge certificate. In this case, PSM performs certificate bridging, that is, copies the data from the server's certificate into a new one, issued by the selected Certificate Authority.

        Note

        The Bridge certificate option does not work the same way as the Generate certificate on-the-fly option in other protocol settings.

      3. In the Signing CA field, select the certificate authority to use.

        Note

        Import the certificate of the signing Certificate Authority to your clients. Otherwise, the client browsers will display a warning because of the unknown Certificate Authority.

  3. Select how PSM should authenticate the server.

    • To permit connections to servers without requesting a certificate, select No validation.

    • To permit connections only to servers that have a valid certificate signed by a specific CA, complete the following steps.

      1. Create a list of trusted Certificate Authorities that will be used to validate the certificates of the servers. For details on creating a trusted CA list, see Procedure 7.11, Verifying certificates with Certificate Authorities.

      2. Select Only accept certificates authenticated by the trusted CA list.

      3. In the Trusted CA field, select the certificate authority list to use.
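
The name mismatch described in the note under step 2, as an added example (not PSM code): a simplified name check over a certificate in the dict form returned by Python's ssl.SSLSocket.getpeercert(), listing the servers for which one fixed certificate would trigger a browser warning. The certificate, host names and addresses are constructed, and the matching rules are a simplification of what browsers apply.

```python
import ipaddress

# Constructed sample: the single certificate shown for every connection,
# in the dict shape returned by ssl.SSLSocket.getpeercert().
FIXED_CERT = {
    "subject": ((("commonName", "web1.example.com"),),),
    "subjectAltName": (("DNS", "web1.example.com"),),
}

def _dns_match(pattern, host):
    """Compare DNS names label by label; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """Return (dns_names, ip_names); use the Common Name only if no SAN exists."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:
        dns = [v for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def matches(cert, target):
    """True if the certificate is valid for the host name or IP address."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return any(_dns_match(n, target) for n in dns)
    return any(ipaddress.ip_address(i) == addr for i in ips)

def warning_targets(cert, targets):
    """Servers for which the client would see a name-mismatch warning."""
    return [t for t in targets if not matches(cert, t)]

if __name__ == "__main__":
    # Constructed list of servers reachable through one connection policy.
    servers = ["web1.example.com", "web2.example.com", "192.0.2.10"]
    print(warning_targets(FIXED_CERT, servers))
```
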