C.7 Using External SSL Accelerators

By default, the SGD Gateway is configured to work with incoming HTTP and AIP data connections that are secured using SSL. The Gateway also supports the use of external SSL accelerators for handling SSL processing.

To use an external SSL accelerator with the Gateway, do the following:

  • Configure the external SSL accelerator to decrypt SSL connections and forward them as unencrypted connections to the Gateway.

  • Enable external SSL accelerator support on the Gateway.

    This enables the Gateway to accept unencrypted connections on the secure port. See Section C.7.1, “How to Enable External SSL Accelerator Support”.

  • Ensure that client devices use the SSL accelerator as the network entry point.

    Typically the SSL accelerator is also a load balancer. Configure the SGD servers and Gateways for a load-balanced deployment as described in Section 2.1.2, “Load-Balanced Deployment”.

C.7.1 How to Enable External SSL Accelerator Support

Ensure that no users are connected to SGD through the Gateway.

  1. Log in as superuser (root) on the SGD Gateway host.

  2. Enable support for unencrypted incoming connections.

    Change the symbolic link for the gateway.xml file, so that it links to the gateway-plaintext.xml file, instead of the default setting of gateway-ssl.xml.

    Run the following command:

    # ln -fs /opt/SUNWsgdg/etc/gateway-plaintext.xml /opt/SUNWsgdg/etc/gateway.xml
    
  3. (Optional) Change the binding port for the Gateway.

    Depending on your network configuration, you might also need to change the binding port for the SGD Gateway.

    See Section C.4, “Changing the Binding Port for the SGD Gateway”.

  4. Restart the SGD Gateway.

    # /opt/SUNWsgdg/bin/gateway restart
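
To confirm which configuration the gateway.xml link selects, before or after the procedure above or during a configuration audit, the following check can be used. It is an added example, not part of the SGD documentation or product; the function name gateway_mode and the availability of readlink on the Gateway host are assumptions.

```shell
#!/bin/sh
# Added example: report which listener configuration gateway.xml selects.
# File names and the default directory are taken from the procedure above;
# gateway_mode is a hypothetical helper name.

gateway_mode() {
    etc_dir="${1:-/opt/SUNWsgdg/etc}"
    link="$etc_dir/gateway.xml"

    if [ ! -L "$link" ]; then
        # Either nothing is there, or the link was replaced by a copied file,
        # in which case the active mode cannot be read from the link target.
        if [ -e "$link" ]; then echo "not-a-symlink"; else echo "missing"; fi
        return 1
    fi

    # -e follows the link, so it fails when the target file does not exist.
    if [ ! -e "$link" ]; then
        echo "dangling"
        return 1
    fi

    target=$(readlink "$link")
    # Compare on the file name so absolute and relative links are both handled.
    case "$(basename "$target")" in
        gateway-ssl.xml)       echo "ssl" ;;        # default: Gateway terminates SSL
        gateway-plaintext.xml) echo "plaintext" ;;  # unencrypted on the secure port
        *)                     echo "unknown"; return 1 ;;
    esac
    return 0
}

# When run as a script with a directory argument, print the mode for it,
# for example: sh check-gateway-mode.sh /opt/SUNWsgdg/etc
if [ $# -gt 0 ]; then
    gateway_mode "$1"
fi
```

A result of "plaintext" on a Gateway that is not deployed behind an external SSL accelerator means the secure port is accepting unencrypted connections.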