

Digital Certificate Protocol

SSL encryption uses public key technology to establish an encrypted link between a client/server pair. It is possible, using a very simple protocol, to establish an encrypted link between a client and server without first making any agreement between the communicating partners. Unfortunately, a link made under such conditions is vulnerable to a third-party (man-in-the-middle) attack, in which an attacker intercepts the communications intended for the host and gains access to passwords, or even to all of the traffic for the duration of the session.

To thwart the man-in-the-middle attack, CA chose to use a digital certificate protocol, in which a digital certificate containing the public key of the intended server is delivered by conventional mail or any other reasonably secure method to the client systems that use SSL encryption. A related digital certificate is available to the host. Because the client trusts only that certificate, this technique ensures that the client can establish a link only with the intended host.

The WebView client is written in Java, and therefore uses Java SSL. The digital certificate:

Use Java's keytool program to install the certificate on each machine.
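The following is an added example (not code from the manual or from the WebView client) of the client side of this protocol: the keytool command that imports the host certificate into a truststore, and Java SSL code that trusts only that truststore, so a handshake with any host presenting a different certificate fails. The file names, alias, password and hostname are assumed placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class PinnedWebViewClient {
    // Assumed values, not from the manual. The truststore is created once per
    // machine from the certificate delivered out of band, for example:
    //   keytool -importcert -alias opslog-host -file opslog-host.cer \
    //           -keystore webview-trust.jks -storepass changeit -noprompt
    private static final String TRUSTSTORE = "webview-trust.jks";
    private static final char[] TRUSTSTORE_PASS = "changeit".toCharArray();
    private static final String HOST_URL = "https://opslog.example.com/";

    /** Build an SSLContext whose trust anchors are ONLY the entries in the given store. */
    static SSLContext pinnedContext(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");        // same format keytool wrote
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                                     // not the JVM's default cacerts
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = pinnedContext(TRUSTSTORE, TRUSTSTORE_PASS);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(HOST_URL).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default hostname verifier still runs: the name in the pinned
        // certificate must also match the host in HOST_URL.
        try {
            System.out.println("Linked to intended host, HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            // An interposed host, even one with a publicly trusted certificate,
            // is rejected because its certificate is not in the truststore.
            System.out.println("Refused: server certificate is not the trusted one: " + e);
        }
    }
}
```

Revoking one user's access then amounts to removing that user's entry from, or replacing, the truststore on that user's machine, which is why a certificate per user keeps disruption to a minimum.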

It is possible to install the same certificate for all users, for any group of users, or for only one user. For security reasons, we recommend using a different certificate for each user. For example, if an employee leaves, you can revoke that user's certificate independently of all the others, causing minimum disruption.

The management of digital certificates includes, at a minimum, creating them and distributing them. It may also entail a relationship with a Certificate Authority, a commercial enterprise that specializes in creating certificates. You can create your own Certificate Authority or use a commercial one; there are advantages to either approach.

Note: The details of certificate management are beyond the scope of this manual. For more detailed information, contact your Certificate Authority (CA) Support team.