Chapter 5

Configuring for SSL

Topics in this section

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Configuring SSL (Windows Server 2003) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Configuring SSL (Windows Server 2008) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Overview

Secure Sockets Layer (SSL) provides endpoint authentication and communications privacy over the Internet using cryptography. Whenever there is a concern regarding confidentially and integrity of management data being sent between ETV Portal Server and external clients, the ETV Portal Server should be configured with a digital X.509 certificate to enable SSL encryption. When SSL encryption is enabled, the Portal Server encrypts either all pages in the Portal Server Admin and client applications (see Configure Hardened SSL) or all of the Portal Server Admin pages but only the Portal Server client login page (see Configure Non-Hardened SSL).

It is important to note that only the management data (for example user requests or configuration data) is encrypted. The actual video streams are never encrypted. When SSL is enabled, the following elements can be encrypted:

MCS Admin Console – All MCS Admin Console pages can be encrypted to protect management information and other sensitive data.

MCS User Portal – All Portal Server client pages can be encrypted (hardened SSL) or only the login page can be encrypted (non-hardened SSL).

LDAP Server – If using LDAP authentication, communications between the Portal Server and the LDAP Server can be encrypted by enabling encryption on the LDAP server.

VOD-W Server – Communication between the Portal Server and a VOD-W server can be encrypted by enabling SSL on the VOD-W server. See "Secure Communication" in the VOD-W Server Release Notes.

By convention, URLs that require an SSL connection start with https instead of http. The steps briefly listed here, and explained in detail on the following pages, explain how to set up and use SSL on the Portal Server.

TTo set up SSL for client access to the ETV Portal Server

1.Generate a Certificate Request.

2.Submit a Certificate Request.

3.Install the Certificate on the ETV Portal Server.

4.Configure ETV Resources for SSL.

ETV Portal Server Admin Guide

123

Page 135
Image 135
VBrick Systems V4.4.3 manual Configuring for SSL, Overview