We are in the process of enabling the RSA Secure ID Authentication REST API. Since this is a fairly new technology, we would like to get confirmation that, even without enabling HMAC for authentication agents, the communication between the client and the RSA infrastructure is encrypted? In our specific case, the client is a VMware UAG appliance that requires both the Access Key and the RSA SSL server certificate to establish connection to the RSA server. We basically want to confirm that even without enabling HMAC for authentication agents, the network traffic will be encrypted using the provided the RSA SSL server certificate.
Reference :
https://community.rsa.com/t5/rsa-authentication-manager/deploying-an-authentication-agent-that-uses-the-rest-protocol/ta-p/629348
https://community.rsa.com/t5/rsa-authentication-manager/generate-an-hmac-for-authentication-agents/ta-p/629349
