Secure Connections

This chapter provides general information about configuring secure connections between CSA and some commonly used components of CSA and securing internal communication. You should consult your security expert for more detailed information about configuring secure connections in your environment.

Note By default, CSA supports secure connections using TLSv1.2 and to enable support for TLSv1.2, you must configure the load balancer. CSAconfiguration can be manually changed to support TLSv1.1 or TLSv1.0, to work with older load balancers or other HTTPS clients that do not support TLSv1.2. However it is not recommended to enable TLSv1.1 or TLSv1.0 for security reasons.

Information includes:

The function of http over a secure connection is configured by the com.hp.csa.service.ssl.certificate.validation property in the CSA_HOME/jboss-as/standalone/deployments/csa.war/WEB-INF/classes/csa.properties file and the strictSSL attribute in the CSA_HOME/portal/conf/mpp.json file. That is, http over a secure connection can be configured to encrypt the connection only or http over a secure connection can be configured to encrypt the connection, validate the certificate's expiration date, verify the certificate's hostname, and authenticate the certificate. See the Secure Connections section in Appendix: Cloud Service Management Console Properties for more information about the com.hp.csa.service.ssl.certificate.validation property and the Provider Attributes and Identity Management component Attributes sections in Appendix: Marketplace Portal Attributes for more information about the strictSSL attribute.