Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Introduction to SSL Certificates

The Sun Java System Portal Server Secure Remote Access software provides certificate-based authentication for remote users. SRA uses Secure Sockets Layer (SSL) to enable secure communication. The SSL protocol enables secure communication between two machines.

An SSL certificate provides encryption and decryption capabilities using a public and private key pair.

The two types of certificates are:

By default, a self-signed certificate is generated and installed when you install the Gateway.

You can generate, obtain, or replace a certificate anytime after installation.
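
The self-signed certificate installed by default is what the Gateway uses until it is replaced. The following shell functions are an added example, not part of the original guide or the SRA software: they use the stock openssl command-line tool to tell whether a PEM certificate file is self-signed. The file names and the gateway.example.com subject are constructed test values, and the example assumes the certificate to check has already been saved as a PEM file.

```shell
#!/bin/sh
# Added example (not part of the SRA product): classify a PEM certificate as
# self-signed or not, using the stock openssl command-line tool.

# is_self_signed FILE
# Returns 0 when the subject and issuer names match AND the signature verifies
# with the certificate's own public key; returns 1 otherwise.
is_self_signed() {
    cert=$1
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] || return 1
    # -check_ss_sig makes openssl actually check the self-signature.
    openssl verify -check_ss_sig -CAfile "$cert" "$cert" >/dev/null 2>&1
}

# make_samples DIR
# Builds constructed, throwaway test certificates (hypothetical names):
#   selfsigned.pem  self-signed server certificate
#   ca.pem          test CA (itself self-signed)
#   casigned.pem    server certificate issued by that test CA
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=gateway.example.com" \
        -keyout "$d/self.key" -out "$d/selfsigned.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=gateway.example.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/casigned.pem" 2>/dev/null
}

# Usage: pass a PEM file as the first argument to classify it.
if [ -n "${1:-}" ]; then
    if is_self_signed "$1"; then
        echo "$1: self-signed"
    else
        echo "$1: not self-signed"
    fi
fi
```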

SRA also supports client authentication with Personal Digital Certificates (PDCs). PDCs are a mechanism to authenticate a user through SSL client authentication. With SSL client authentication, the SSL handshake ends at the Gateway. The Gateway extracts the user’s PDC and passes it to the authenticated server. This server uses the PDC to authenticate the user. To configure PDCs along with Authentication Chaining, see Using Authentication Chaining.

SRA provides a tool named certadmin that you can use to manage the SSL certificates. See The certadmin Script.


Note –

Certificate pop-up windows are common in SSL applications. Advise users to accept the warning and proceed.