Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enable SSL to the Client

    To enable SSL between WebApp Secure and the client, do the following:

    1. In the Web UI, navigate to the application for which you want to enable SSL or switch to the desired application's context.
    2. Navigate to Configuration > Applications > My App > Proxy/SSL Settings and enable SSL to the backend.
    3. Upload your SSL certificate and key file.
    4. Select a listening interface IP address and HTTP and HTTPS ports.

      Note: The combination of port/IP must be unique for the system. If the system is clustered, an IP must be selected for each node.

    5. When you save the SSL configuration in a deployment containing multiple appliances, the certificate is propagated from the master system to all subsequent systems.
    6. Under Advanced SSL Settings, you can modify existing SSL Cipher and SSL Protocol strings for the application. If do you not enter any information, the defaults are used.

      Note: The syntax for ssl.ciphers can be found here: https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT. Note that WebApp Secure requires colons (rather than allowing spaces or commas). The syntax for ssl.protocols is described here: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols.

      Figure 1: Proxy / Backends

      Proxy / Backends

    Warning: To safeguard against inheriting SSL certificates, WepApp Secure does not allow SSL at the global level. Therefore, you must configure an application in order to enable SSL.

    Warning: Your certificate and key files cannot be password protected. If they are, WebApp Secure will be unable to read them. You can remove passwords on your existing certificate by using the openssl program. For example, openssl rsa -in mykey.pem -out newkey.pem.

    Note: Certificates must be in valid PEM (Privacy Enhanced Mail) format. You can verify the SSL certificate by using the command, openssl verify <sslcert.crt>. WebApp Secure is only concerned with the validity of the format. openssl verify might allude to other problems with the certificate, but other issues do not come into play when used within WebApp Secure.

    Published: 2015-02-04