Securing communications between the SafeLinx Administrator and the access manager

By default, the SafeLinx Administrator communicates with the access manager over an unencrypted connection. If you run SafeLinx Administrator from a computer that is remote to the SafeLinx Server, you can use TLS protocols to encrypt communications between the two nodes. Use a third-party tool such as OpenSSL to manage the X.509 certificates that are required to establish a secure SafeLinx Administrator session.

About this task

To support secure TLS connections from SafeLinx Administrator clients, you install a set of public key certificates in an access manager PKCS12 keystore file. The default keystore file is sl-default.p12. You can use the default file or create your own keystore file.

To force remote SafeLinx Administrator clients to use a TLS connection, configure the access manager to accept remote connections that use TLS only.

Procedure

  1. Obtain a certificate and add it to the access manager PKCS12 keystore file on the SafeLinx Server server. For information, see Generating a server certificate from a certificate authority.
  2. Transfer the signer certificate to the computer that runs SafeLinx Administrator.
    • If you obtained a third-party certificate, transfer the signer certificate file to the SafeLinx Administrator computer.
      Note: The default PKCS12 keystore file that is installed with the SafeLinx Administrator might include a signer certificate for the CA from which you received your personal certificate. However, it is best to use the version of the signer certificate that you receive from the CA.
    • If you created a self-signed certificate, extract the certificate to a file and then copy the file to the SafeLinx Administrator computer.
  3. Browse for the certificate file that you want to add and click OK.
  4. Type a label for the certificate, then click OK.

What to do next

To complete the TLS configuration, edit the access manager properties to require secure SafeLinx Administrator connections and specify the PKCS12 keystore file and password.