|Applies To||RSA ClearTrust 4.7.1 Authorization Server (AServer); RSA ClearTrust 4.7 Authorization Server (AServer); RSA ClearTrust 4.7.1; RSA ClearTrust 4.7|
|Issue||ClearTrust: Where are the SSL session keys generated and stored? Where are session keys generated and stored when using anonymous or authenticated SSL for ClearTrust communications? SSL handshake process.|
|Cause||The following is a summary of pages 33 to 35 of the "RSA ClearTrust 4.7.1 - Overview Guide":|
RSA ClearTrust lets you configure the security of the communication between its components. The available modes are:
1. No encryption (or cleartext)
2. Shared secret (or symmetric) encryption
3. Anonymous SSL. All data exchanged between ClearTrust components can be encrypted using Secure Sockets Layer (SSL) encryption technology. Before transmission over the network, the data is encrypted using anonymous SSL. Anonymous SSL means that neither the client nor the server is required to present a certificate to authenticate itself.
4. Mutually authenticated SSL. In this mode, each ClearTrust component must present its digital certificate when contacting another component, allowing that component to verify its identity.
In a purely technical sense, all SSL connections require at least the server to be authenticated. To satisfy this requirement in what ClearTrust terminology calls "Anonymous SSL", the ClearTrust installation deploys a CA certificate and a server certificate for the ClearTrust components, thus avoiding the burden of configuring SSL certificates. It follows that Anonymous SSL does authenticate the server components, using this "dummy" certificate, but does not authenticate the client components.
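The following Go program is an added illustration of the two modes just described; it is not RSA's code and not taken from the guide. A throwaway self-signed certificate stands in for the installed "dummy" certificate, and Handshake reports whether the server side of a loopback TLS connection accepts a client under each client-auth policy; the endpoint names ct-aserver and ct-agent are made up for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// Anonymous = ClearTrust "Anonymous SSL" (server cert only); Mutual = "Mutually authenticated SSL".
const Anonymous, Mutual = tls.NoClientCert, tls.RequireAndVerifyClientCert
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// selfSigned: throwaway self-signed cert plus a pool trusting it, standing in for the "dummy" cert ClearTrust deploys.
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{
			x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key))
	trust := x509.NewCertPool()
	trust.AddCert(must(x509.ParseCertificate(der)))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, trust
}

// Handshake runs one loopback TLS connection under policy and reports whether the server accepted it.
func Handshake(policy tls.ClientAuthType, clientPresentsCert bool) bool {
	serverCert, serverTrust := selfSigned("ct-aserver") // made-up endpoint names
	clientCert, clientTrust := selfSigned("ct-agent")
	srv := &tls.Config{Certificates: []tls.Certificate{serverCert}, ClientCAs: clientTrust, ClientAuth: policy}
	cli := &tls.Config{RootCAs: serverTrust, ServerName: "ct-aserver"}
	if clientPresentsCert {
		cli.Certificates = []tls.Certificate{clientCert}
	}
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	go func() { // client side: connect, handshake, then wait for the server to hang up
		c := tls.Client(must(net.Dial("tcp", ln.Addr().String())), cli)
		defer c.Close()
		c.Handshake() // under TLS 1.3 this can return before the server rejects the client
		c.Read(make([]byte, 1))
	}()
	c := must(ln.Accept())
	defer c.Close()
	return tls.Server(c, srv).Handshake() == nil // only the server's verdict counts
}
```

Handshake(Anonymous, false) returns true, Handshake(Mutual, false) returns false, and Handshake(Mutual, true) returns true, which is the behaviour the guide describes for the two modes.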
The following procedure summarizes the SSL handshake process:
|Legacy Article ID||a12943|