Chapter 5
Configuring for SSL
Overview
Secure Sockets Layer (SSL) provides endpoint authentication and communications privacy over the Internet using cryptography. Whenever there is a concern regarding confidentially and integrity of management data being sent between ETV Portal Server and external clients, the ETV Portal Server user login page and all admin pages should be configured with a digital X.509 certificate to enable SSL encryption. When SSL encryption is enabled, the Portal Server only encrypts the Login pages and/or the Admin pages. The actual video streams are never encrypted. When SSL is enabled, the following elements can be encrypted:
•MCS Admin Console – All MCS Admin Console pages are encrypted to protect management information and other sensitive data.
•MCS User Portal – Only the Login page (including the user ID and password) are encrypted. The video streams are not encrypted.
•LDAP Server – If using LDAP authentication, communications between the Portal Server and the LDAP Server can be encrypted by enabling encryption on the LDAP server.
•
By convention, URLs that require an SSL connection start with https instead of http. The steps briefly listed here, and explained in detail on the following pages, explain how to set up and use SSL on the Portal Server.
TTo set up SSL for client access to the ETV Portal Server:
1.Generate a Certificate Request.
2.Submit a Certificate Request.
3.Install the Certificate on the ETV Portal Server.
4.Configure ETV Resources for SSL.
1. Generate a Certificate Request
If your company does not have a X.509 certificate, or does not have one for the ETV Portal Server, a new certificate request must first be created.
TTo generate a certificate request:
1.From the ETV Portal Server, start the Microsoft Internet Information Services (IIS) Manager.
2.Expand the server name and select the web site for which the certificate will be installed.
3.
4.Select the Directory Security tab.
ETV Portal Server Admin Guide | 105 |