Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring the Security Options

Configuring the PDC and Non Authenticated URLs

Procedure: To Configure the PDC and Non Authenticated URLs

  1. Log on to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Security tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Certificate-enabled Gateway hosts 

    1. Add the Gateway name to the Certificate-enabled Gateway hosts.

      Add the Gateway in the format host1.sesta.com.

    2. Click Add.

    Non-authenticated URLs 

    You can specify that some URLs do not need authentication. These are normally directories that contain images. 

    In the Non-Authenticated URLs field, enter the required folder path in the format folder/subfolder.

    URLs that are not fully qualified (for example, /images) are treated as portal URLs.

    To add a non-portal URL, fully qualify the URL, then click Add to add the entry to the Non-Authenticated URLs list.

    Trusted SSL Domains 

    In the Trusted SSL Domains field, enter the domain names and click Add. 

Configuring the TLS and SSL Options

Procedure: To Configure the TLS and SSL Options

  1. Log on to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Security tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    40-bit Encryption 

    Select this option if you want to allow 40-bit (weak) Secure Sockets Layer (SSL) connections. If you do not select this option, only 128-bit connections are supported. 

    If you disable this option, the user needs to ensure that the browser is configured to support the required connection type. 


    Note –

    The user needs to do the following in the case of Netscape Navigator 4.7x:

    1. Select Security Info under Tools in the Communicator menu.

    2. Click the Navigator link in the left pane.

    3. Click Configure SSL v2 or Configure SSL v3 under Advanced Security (SSL) Configuration.

    4. Enable the required ciphers.


    Null Ciphers 

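    Select the Enable Null Ciphers checkbox to enable null ciphers. A null cipher completes the SSL handshake but does not encrypt the data exchanged over the connection.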

    SSL Cipher Selection 

    Secure Remote Access supports a number of standard ciphers. You can support all of the pre-packaged ciphers or select the required ciphers individually, and you can select specific SSL ciphers for each Gateway instance. The SSL handshake succeeds if the client supports any of the selected ciphers.

    SSL Version 2.0 

    Select the Enable SSL Version 2.0 checkbox to enable version 2.0. This option is enabled by default. 

    You can enable or disable SSL version 2.0. Disabling SSL 2.0 means that browsers that support only the older SSL 2.0 cannot authenticate to Secure Remote Access. This ensures a greater level of security. 

    SSL2 Ciphers 

    Select the Enable SSL Cipher Selection checkbox option. 

    You can select the required ciphers from the list of SSL ciphers. 

    SSL Version 3.0 

    You can enable or disable SSL version 3.0. Disabling SSL 3.0 means that browsers that support only SSL 3.0 cannot authenticate to SRA software. This ensures a greater level of security.

    Select the Enable SSL Version 3.0 checkbox to enable version 3.0. 

    SSL3 Ciphers 

    Select the Enable SSL Cipher Selection checkbox option. 

    You can select the required ciphers from the list of SSL3 ciphers. 

    TLS Ciphers 

    Select the Enable SSL Cipher Selection checkbox option. 

    You can select the required ciphers from the list of TLS ciphers.
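
The following Python script is an added example, not part of the original guide or of the product. It audits a list of selected cipher names against the options described above (SSL Version 2.0, Null Ciphers, 40-bit Encryption and the 128-bit default); the cipher names are constructed samples, and the SSL2_/SSL_/TLS_ naming is an assumption about how the lists are labelled.

```python
import re

# Constructed sample: names as copied from the SSL2, SSL3 and TLS cipher lists.
# The SSL2_/SSL_/TLS_ naming is an assumption; console labels may differ.
SELECTED = [
    "SSL2_RC4_128_EXPORT40_WITH_MD5",
    "SSL2_RC4_128_WITH_MD5",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_MD5",
    "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

def key_bits(name):
    """Nominal symmetric key size implied by a suite name, or None if unknown."""
    n = name.upper()
    if "_NULL_" in n:
        return 0                      # authentication only, no encryption
    if "EXPORT1024" in n:
        return 56
    if "EXPORT" in n or re.search(r"_40(_|$)", n):
        return 40
    if "3DES" in n or "EDE3" in n:
        return 168
    if re.search(r"(^|_)DES_", n):
        return 56                     # single DES
    m = re.search(r"_(?:RC4|RC2|AES|CAMELLIA)_(\d+)", n)
    return int(m.group(1)) if m else None

def audit(names):
    """Return {name: [findings]} using only the criteria named on this page."""
    report = {}
    for name in names:
        bits, found = key_bits(name), []
        if name.upper().startswith("SSL2_"):
            found.append("SSL Version 2.0 cipher")
        if bits == 0:
            found.append("null cipher, traffic is not encrypted")
        elif bits is None:
            found.append("unrecognized name, review manually")
        elif bits < 128:
            found.append(f"{bits}-bit key, below the 128-bit default")
        if found:
            report[name] = found
    return report

if __name__ == "__main__":
    for name, found in audit(SELECTED).items():
        print(f"{name}: {'; '.join(found)}")
```

Names the script cannot parse are reported for manual review rather than treated as acceptable.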