Trusted Certificate Authorities for HFED or Trusted Headers Applications

Document created by RSA Information Design and Development on Jul 13, 2016. Last modified by RSA Information Design and Development on Sep 15, 2017.
Version 19

When applications are added to RSA SecurID Access using either the HTTP Federation Proxy (HFED) or trusted headers method, the identity routers connect directly to the application web servers. If SSL is enabled for these applications, the application web server must have a valid certificate signed by a certificate authority (CA) that the identity routers trust.

The identity routers automatically trust valid certificates signed by:

However, some companies use an internal or lesser-known CA to sign certificates used for their application web servers. To establish trust between the identity router and an internal CA, you can upload one or more CA certificates using the Cloud Administration Console.

The identity routers require that an SSL certificate is valid. Valid SSL certificates contain:

  • A signature from a trusted CA
  • A name that matches the web server's hostname
  • An expiration date that has not passed
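
The three conditions above can be checked with the `openssl` command-line tool before the CA certificate is uploaded. This is an added example, not RSA code and not the identity router's own validation logic; the function names `check_cert` and `make_demo_pki` and the host `app.internal.example` are hypothetical, and the certificates are constructed sample input.

```shell
#!/bin/sh
# Added example (not RSA code). Requires the openssl CLI, version 1.1.0 or later.

# check_cert CA_PEM SERVER_PEM HOSTNAME
# Prints PASS/FAIL for each validity condition; returns 0 only if all three pass.
check_cert() {
    ca=$1; cert=$2; host=$3; rc=0

    # 1. Signature from the trusted CA. -no_check_time keeps expiry out of this
    #    check; -no-CApath stops openssl from also trusting the system CA directory.
    if openssl verify -no-CApath -no_check_time -CAfile "$ca" "$cert" >/dev/null 2>&1
    then echo "PASS signed-by-trusted-CA"
    else echo "FAIL signed-by-trusted-CA"; rc=1
    fi

    # 2. Name matches the web server's hostname (SAN, or CN when no SAN exists).
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"
    then echo "PASS name-matches-hostname"
    else echo "FAIL name-matches-hostname"; rc=1
    fi

    # 3. Expiration date has not passed (-checkend 0 exits non-zero if expired).
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null
    then echo "PASS not-expired"
    else echo "FAIL not-expired"; rc=1
    fi
    return $rc
}

# make_demo_pki DIR: constructed sample input. Creates a throwaway internal CA
# (ca.pem), an unrelated CA (other-ca.pem) and a server certificate (server.pem)
# issued by ca.pem for the hypothetical host app.internal.example.
make_demo_pki() {
    d=$1
    for n in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed $n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app.internal.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    echo "subjectAltName=DNS:app.internal.example" > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/server.pem" 2>/dev/null
}
```

A `FAIL signed-by-trusted-CA` result against the internal CA file means the server certificate was issued by a different CA, so uploading that CA certificate would not establish trust.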
