SSL configuration for WebSEAL and the distributed session cache

When the [dsess-cluster] server stanza entry specifies the HTTPS protocol in the URL, configure WebSEAL for SSL communication with the distributed session cache. WebSEAL can authenticate to the distributed session cache with client certificates.

Configure WebSEAL for SSL communication with the distributed session cache requires that you provide WebSEAL the following information:

• The CA certificate used to sign the distributed session cache SSL server certificate.

• The DN contained in the distributed session cache SSL server certificate.

We can also configure additional GSKit attributes to use when initializing the SSL connection with the distributed session cache.

This SSL configuration is only required for WebSEAL instances that are external to the distributed session cache server cluster. For appliances that are in the same cluster as the distributed session cache, no manual SSL configuration is required. The SSL configuration is automatically set up by the Enable Distributed Session Cache option.

• Configure the WebSEAL key database
  
• Specify the SSL certificate distinguished name (DN)
  
• GSKit configuration for distributed session cache connections
  

Parent topic: Advanced configuration for the distributed session cache

Related concepts

• Distributed session cache configuration for WebSEAL
• Replica set configuration
• Adjustment of the last access time update frequency for the distributed session cache
• Communication timeout configuration for the distributed session cache
• Performance configuration for the distributed session cache
• Maximum concurrent sessions policy
• Single signon in a replica set