SSL configuration for WebSEAL and the distributed session cache
When the [dsess-cluster] server stanza entry specifies the HTTPS protocol in the URL, you must configure WebSEAL for SSL communication with the distributed session cache. WebSEAL can authenticate to the distributed session cache with client certificates.
Configuring WebSEAL for SSL communication with the distributed session cache requires that you provide WebSEAL the following information:
- The CA certificate used to sign the distributed session cache SSL server certificate.
- The DN contained in the distributed session cache SSL server certificate.
You can also configure additional GSKit attributes to use when initializing the SSL connection with the distributed session cache.
Note: This SSL configuration is only required for WebSEAL
instances that are external to the distributed session cache server
cluster. For appliances that are in the same cluster as the distributed
session cache, no manual SSL configuration is required. The SSL configuration
is automatically set up by the Enable Distributed Session
Cache option.
This section contains the following topics: