User guide

Chapter 2: Environment Setup (SSO Administrators)
SSL Communication using Application Gateway
For operation using non-SSL communication between the Application Gateway, complete the following
settings according to the operating conditions:
1. Required settings
Refer to Settings for Operation using Application Gateway.
2. Confirming validity of certificate
In addition to the above settings, perform the operations explained in Preparations for Confirming
Validity of Certificate Authentication.
Preparations for SSL Communication
For SSL communication using each server, acquire the site certificates and register them in the
Interstage certificate environment. For explanations of site certificate acquisition and registration in the
Interstage certificate environment, refer to 'Setting and Use of the Interstage Certificate Environment' of
the Security System Guide.
When the site certificate is already acquired and registered, the registered site certificate can be used.
The following is an example of preparations for SSL communication.
Setting Access Permission of Interstage Certificate Environment
To set up the Interstage certificate environment, an owner group with permission to access the
Interstage certificate environment must be created. The created owner group must be specified in the
-g option of the scsmakeenv command when the Interstage certificate environment is set up.
The effective users who are to be registered in the owner group of the Interstage certificate environment
must be already set in the User directive of the environment configuration file (httpd.conf) of the
Interstage HTTP server.
For an explanation of the access permission of the Interstage certificate environment, refer to 'Setting
and Use of the Interstage Certificate Environment' of the Security System Guide.
Signing Request of a Certificate for SSL Communication
Specify distinguished names such as country code, alphanumeric first and last name, alphanumeric
organization name, alphanumeric organizational unit name, prefecture name, and municipality name to
create the certificate signing request (CSR) that is used to request the certificate for SSL
communication.
Use the scsmakeenv command to create the certificate signing request (CSR). Send the CSR to a
certificate authority (VeriSign Inc.) to request issuance of the certificate.
Executing the scsmakeenv command prompts the operator to enter distinguished names. In response
to the message 'What is your first and last name?', specify the Fully Qualified Domain Name (FQDN) of
the URL of the authentication infrastructure as the Web server host name. If the load of the
authentication server is distributed using a load balancer such as the Interstage Traffic Director, specify
the FQDN of the Interstage Traffic Director. FQDN is a host name including a domain name. To request
the certificate of a Web server, FQDN must be specified as the owner name of the certificate. (For
example: authenticate_server.fujitsu.com)
In the scsmakeenv command, specify the password and private-key nickname for access to the
Interstage certificate environment. The password is required to access the Interstage certificate
environment. The nickname is required to register the site certificate that was acquired from the
certificate authority. Be sure to remember the nickname.
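A check that can be run on the CSR before it is sent to the certificate authority, given as an added example that is not part of the Interstage documentation: it confirms that the owner name (CN) in the CSR is the FQDN of the URL clients will use. It assumes OpenSSL is installed and that the CSR is a PEM-encoded PKCS#10 file; the sample CSR is generated with OpenSSL in place of scsmakeenv, and itd.example.com is a constructed load balancer name.

```bash
#!/usr/bin/env bash
# Added example, not from the Interstage manuals. Assumes OpenSSL is installed
# and that the CSR is a PEM-encoded PKCS#10 file.

# Constructed sample input: a throwaway CSR standing in for the real one.
make_sample_csr() {   # $1 = output file, $2 = owner name (CN)
  openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null -out "$1" \
    -subj "/C=JP/O=Example Org/CN=$2" 2>/dev/null
}

# Print the CN of a CSR; return 2 if the file does not parse or its
# self-signature does not verify.
csr_cn() {
  local csr="$1"
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 2
  openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Return 0 only if the CN equals the host part of the URL clients will use
# (the authentication infrastructure, or the load balancer in front of it).
check_csr_for_url() {
  local csr="$1" url="$2" host cn
  host=${url#*://}        # drop the scheme
  host=${host%%[/:]*}     # drop port and path
  case $host in
    *.*) ;;
    *) echo "NG: '$host' is not fully qualified" >&2; return 1 ;;
  esac
  cn=$(csr_cn "$csr") || { echo "NG: cannot read or verify $csr" >&2; return 2; }
  # DNS names compare case-insensitively.
  if [ "$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')" = \
       "$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')" ]; then
    echo "OK: CN '$cn' matches URL host"
  else
    echo "NG: CN '$cn' does not match URL host '$host'" >&2; return 1
  fi
}

# Demo on constructed data: the second URL stands for a load balancer in front
# of the authentication server, so a CSR naming the server itself is rejected.
demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir/site.csr" authenticate_server.fujitsu.com
check_csr_for_url "$demo_dir/site.csr" https://authenticate_server.fujitsu.com/
check_csr_for_url "$demo_dir/site.csr" https://itd.example.com/ || true
rm -rf "$demo_dir"
```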