
Chapter 5
Configuring for SSL
Topics in this section
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuring SSL (Windows Server 2003) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Configuring SSL (Windows Server 2008) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Overview
Secure Sockets Layer (SSL) provides endpoint authentication and communications privacy over the Internet using cryptography. Whenever there is a concern regarding confidentially and integrity of management data being sent between ETV Portal Server and external clients, the ETV Portal Server should be configured with a digital X.509 certificate to enable SSL encryption. When SSL encryption is enabled, the Portal Server encrypts either all pages in the Portal Server Admin and client applications (see Configure Hardened SSL) or all of the Portal Server Admin pages but only the Portal Server client login page (see Configure
It is important to note that only the management data (for example user requests or configuration data) is encrypted. The actual video streams are never encrypted. When SSL is enabled, the following elements can be encrypted:
•MCS Admin Console – All MCS Admin Console pages can be encrypted to protect management information and other sensitive data.
•MCS User Portal – All Portal Server client pages can be encrypted (hardened SSL) or only the login page can be encrypted
•LDAP Server – If using LDAP authentication, communications between the Portal Server and the LDAP Server can be encrypted by enabling encryption on the LDAP server.
•
By convention, URLs that require an SSL connection start with https instead of http. The steps briefly listed here, and explained in detail on the following pages, explain how to set up and use SSL on the Portal Server.
TTo set up SSL for client access to the ETV Portal Server
1.Generate a Certificate Request.
2.Submit a Certificate Request.
3.Install the Certificate on the ETV Portal Server.
4.Configure ETV Resources for SSL.
ETV Portal Server Admin Guide | 123 |