Manage Certificates Between Sterling Secure Proxy Components

To maintain security in Sterling Secure Proxy, the engine and Configuration Manager (CM) communicate using SSL. Sterling Secure Proxy uses TCP/IP communications links between the web browser and the Jetty web server, the web server and CM, and CM and the engine. The only link that can be unsecured is between the web browser and the Jetty web server.

When you install Sterling Secure Proxy, a default certificate is installed to allow you to communicate. All components of the Sterling Secure Proxy system, including CM, the engine, and the Jetty web server, share the same certificate. This self-signed certificate is called the factory certificate and has a three-year expiration. If you use the factory certificate in a test environment, you must replace it with your own certificate before it expires. You should use your own certificate in production.

Before you can begin production, you must import a secure certificate. The default configuration uses a single key to secure the connection between the engine and CM. The certificate distribution looks like this:

[Figure: Manage Certificates Between SSP Components]

To secure the communication between these components, replace the factory certificates using one of the models provided.