3.2 Configuring a New Access Gateway for SSL

This section explains how to create a reverse proxy to protect the name and IP address of your Web server from being exposed to users, how to require SSL between the browsers and the reverse proxy, and how to require authentication to gain access to the Web server.

What You Need to Know                Example                  Your Value
-----------------------------------  -----------------------  ----------------------
Name of the Identity Server cluster  idpa                     ______________________
DNS name of the Access Gateway       lag.test.novell.com      ______________________
Web server information
  IP address                         10.10.16.16              ______________________
  DNS name                           digital.test.novell.com  ______________________
Names you need to create
  Reverse proxy name                 DigitalAirlines          ______________________
  Proxy service name                 DA                       ______________________
  Protected resource name            everything               ______________________

For more information, see Configuring the Access Gateway in the Novell Access Manager 3.1 SP2 Setup Guide.

  1. In the Administration Console, click the Access Gateways task.

  2. Click Edit, then click Reverse Proxy/Authentication.

  3. Configure a reverse proxy:

    • In the Authentication Settings section, select idpa from the drop-down list.

    • In the Reverse Proxy section, click New, specify DigitalAirlines, then click OK.

  4. To configure a proxy service, click New in the Proxy Service section, then fill in the following fields:

    Proxy Service Name: DA

    Published DNS Name: lag.test.novell.com

    Web Server IP Address: 10.10.16.16

    Host Header: Select the Web Server Host Name from the drop-down list.

    Web Server Host Name: digital.test.novell.com

  5. On the Reverse Proxy page, configure a protected resource.

    1. In the Proxy Service List section, click the name of the proxy service (DA), then click the Protected Resources tab.

    2. In the Protected Resource List section, click New, specify everything, then click OK.

    3. For the contract, select Secure Name/Password - Form.

    4. In the URL Path section, examine the path. It should be set to /* to match everything on the Web server.

    5. Click OK twice.

  6. On the Reverse Proxy page, enable SSL:

    1. Select Enable SSL with Embedded Service Provider.

    2. Select Enable SSL between Browser and Access Gateway.

    3. Select Redirect Requests from Non-Secure Port to Secure Port.

    4. Select Auto-generate Key, then click OK.

    5. Ensure that the certificate is selected, then click OK.

  7. Click OK until you return to the Access Gateway page.

  8. On the Access Gateways page, click Update.

    Wait for the health status to turn green. If it doesn’t turn green, click the Health icon to discover the cause.

  9. Click the Identity Servers task, then click Update.

  10. To test that the Access Gateway is protecting the Web server, open a browser and enter the following URL:

    https://lag.test.novell.com:443/
    

    The first page of the Web server is displayed. If you get an error, verify the following:

    • Check the times on the Access Gateway and the Identity Server. Their times need to be synchronized.

    • Verify that the browser machine can resolve the DNS name of the Access Gateway.
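The following Python sketch is an added example, not part of the Novell guide or product. It checks two things from this procedure against response headers you have collected: that a request to the non-secure port is redirected to https on the published DNS name (step 6), and that the Date headers returned by the Access Gateway and the Identity Server agree. The function names, the 60-second tolerance, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

GATEWAY = "lag.test.novell.com"  # published DNS name from the table in this section
MAX_SKEW_SECONDS = 60            # assumed tolerance; the guide only says "synchronized"

def _get(headers, name):
    """Case-insensitive header lookup on a plain dict."""
    return {k.lower(): v for k, v in headers.items()}.get(name.lower(), "")

def redirect_is_secure(status, headers, host=GATEWAY):
    """True if a port-80 response redirects to HTTPS on the same published name."""
    if status not in (301, 302, 303, 307, 308):
        return False
    loc = urlsplit(_get(headers, "Location"))
    return loc.scheme == "https" and loc.hostname == host and loc.port in (None, 443)

def clock_skew_seconds(gateway_headers, idp_headers):
    """Difference between the two servers' Date headers (fetch them back to back)."""
    gw = parsedate_to_datetime(_get(gateway_headers, "Date"))
    idp = parsedate_to_datetime(_get(idp_headers, "Date"))
    return abs((gw - idp).total_seconds())

def check(http_status, http_headers, gateway_headers, idp_headers):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not redirect_is_secure(http_status, http_headers):
        problems.append("port 80 does not redirect to https://%s/" % GATEWAY)
    skew = clock_skew_seconds(gateway_headers, idp_headers)
    if skew > MAX_SKEW_SECONDS:
        problems.append("clock skew of %d s between gateway and Identity Server" % skew)
    return problems

# Constructed sample responses (not captured from a real system).
GOOD_HTTP = (302, {"Location": "https://lag.test.novell.com:443/"})
BAD_HTTP = (200, {"Content-Type": "text/html"})
GATEWAY_HDRS = {"Date": "Tue, 04 May 2010 15:00:00 GMT"}
IDP_OK = {"date": "Tue, 04 May 2010 15:00:02 GMT"}
IDP_SKEWED = {"Date": "Tue, 04 May 2010 15:05:00 GMT"}

if __name__ == "__main__":
    print(check(*GOOD_HTTP, GATEWAY_HDRS, IDP_OK))
    print(check(*BAD_HTTP, GATEWAY_HDRS, IDP_SKEWED))
```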