Exit Print View

Oracle Secure Global Desktop Gateway Administration Guide for Version 4.6

Document Information

Preface

1.  Installing the SGD Gateway

2.  Configuring the SGD Gateway

A.  SGD Gateway Architecture Overview

B.  Command-Line Reference

C.  Advanced Configuration

Tuning the SGD Gateway

Changing the Maximum Number of AIP Connections

Calculating the Number of AIP Connections

Changing the Maximum Number of HTTP Connections

Changing the JVM Memory Size

Calculating the JVM Memory Size

Configuring HTTP Redirection

Changing the Binding Port for the SGD Gateway

Using Unencrypted Connections to the SGD Array

Using External SSL Accelerators

How to Enable External SSL Accelerator Support

Using Client Certificates With the SGD Gateway

How to Configure the SGD Gateway to Use Client Certificates

Enabling the Balancer Manager Application

The Reflection Service

Enabling the Reflection Service

How to Enable Unauthorized Access to the Reflection Service

How to Enable Authorized Access to the Reflection Service

Using the Reflection Service

About the RESTful Web Services

Examples of Using the Reflection Service

D.  Troubleshooting the SGD Gateway

How to Configure the SGD Gateway to Use Client Certificates

Before You Begin

To use this procedure, you must have a client certificate.

  1. Log in as superuser (root) on the SGD Gateway host.
  2. Stop the SGD Gateway.
    # /opt/SUNWsgdg/bin/gateway stop
  3. Configure the SGD Gateway to use client certificates for HTTPS client connections.

    Add a <needClientAuth> entry to the /opt/SUNWsgdg/etc/gateway.xml file, as follows:

    <service id="http-ssl-service" class="SSL">
        <needClientAuth>true</needClientAuth>
            <!-- Decrypts HTTPS traffic -->
            <subService id="ssl-splitter">
                <binding>*</binding>
            </subService>
  4. Import the client certificate into the SGD Gateway client keystore.

    Use the keytool command, as follows:

    # /opt/SUNWsgdg/java/default/bin/keytool -importcert \
    -alias mycert -keystore /opt/SUNWsgdg/proxy/etc/keystore.client \
     -file mycert.crt -storepass ‘cat /opt/SUNWsgdg/etc/password‘

    In this example, the client certificate mycert.crt is imported into the SGD Gateway client keystore. The client certificate is stored using an alias of mycert.

  5. Start the SGD Gateway.
    # /opt/SUNWsgdg/bin/gateway start