
TLS with the Web Gateway

Configuring the Web Gateway to Connect to InterSystems IRIS Using TLS

You can use TLS to set up a secure, encrypted channel between the Web Gateway and the InterSystems IRIS® data platform server. To do this, you need a TLS certificate and private key that represent the Gateway. The Gateway can then establish an encrypted connection to the InterSystems IRIS server (which has its own certificate and private key), so that all information is transmitted through the encrypted connection.

Note:

For information on setting up a connection between the Web Gateway and the InterSystems IRIS server that is protected by Kerberos, see Setting Up a Kerberized Connection from the Web Gateway to InterSystems IRIS.

The procedure is:

  1. If there is not already a TLS configuration associated with the InterSystems IRIS system default superserver, create one as described in Create or Edit a TLS Configuration.

  2. On the system default superserver configuration page (System Administration > Security > Superservers), for the SSL/TLS Support level choice, select Enabled or Required. For more details on these settings, see Managing Superservers.

  3. Go to the Web Gateway’s Server Access page (System Administration > Configuration > Web Gateway Management).

  4. On that page, under Configuration, select Server Access.

  5. Next, select Edit Server and click Submit. This displays the configuration page for the Web Gateway.

  6. On this page, configure the Web Gateway to use TLS. Specifically, for the Connection Security Level field, select SSL/TLS. You must specify values for the SSL/TLS Protocol and SSL/TLS CA Certificate File fields. The other fields may be required or optional depending on other settings. The SSL/TLS Certificate File and SSL/TLS Private Key File fields are required if Require peer certificate verification is selected. If you include an SSL/TLS private key file, you must also specify a value for the SSL/TLS Key Type. Additionally, if the certificate or private key file requires a password, you must provide one of the following in the SSL/TLS Private Key Password field:

    • The private key password (which cannot begin with { or end with })

    • An operating system command enclosed in braces (for example, {sh /tmp/script.sh}). See Retrieve Passwords Programmatically for more details.

    For more details on the fields on this page, see the Configuring Server Access section of “Web Gateway Operation and Configuration”.
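The field dependencies in step 6 can be checked before a change is submitted. The following is an added example, not InterSystems code: it lints a dictionary keyed by the field labels on the Server Access page. The dictionary form, the function names, and the sample values (including the protocol string and file paths) are assumptions made for illustration.

```python
def classify_key_password(value):
    """Classify the SSL/TLS Private Key Password field value."""
    if not value:
        return "empty"
    starts, ends = value.startswith("{"), value.endswith("}")
    if starts and ends and value[1:-1].strip():
        return "command"   # brace-enclosed OS command, e.g. {sh /tmp/script.sh}
    if starts or ends:
        return "invalid"   # a literal password cannot begin with { or end with }
    return "literal"


def lint_server_access(cfg):
    """Return a list of problems with the TLS fields described in step 6."""
    if cfg.get("Connection Security Level") != "SSL/TLS":
        return ["Connection Security Level is not SSL/TLS"]
    problems = []
    for field in ("SSL/TLS Protocol", "SSL/TLS CA Certificate File"):
        if not cfg.get(field):
            problems.append(f"{field} is required")
    if cfg.get("Require peer certificate verification"):
        for field in ("SSL/TLS Certificate File", "SSL/TLS Private Key File"):
            if not cfg.get(field):
                problems.append(f"{field} is required with peer verification")
    if cfg.get("SSL/TLS Private Key File") and not cfg.get("SSL/TLS Key Type"):
        problems.append("SSL/TLS Key Type is required with a private key file")
    if classify_key_password(cfg.get("SSL/TLS Private Key Password", "")) == "invalid":
        problems.append("SSL/TLS Private Key Password is neither a valid "
                        "password nor a brace-enclosed command")
    return problems


# Constructed sample: key type left blank, closing brace missing on the command.
SAMPLE = {
    "Connection Security Level": "SSL/TLS",
    "SSL/TLS Protocol": "TLSv1.2",
    "SSL/TLS CA Certificate File": "/path/to/ca.pem",
    "Require peer certificate verification": True,
    "SSL/TLS Certificate File": "/path/to/gateway.pem",
    "SSL/TLS Private Key File": "/path/to/gateway.key",
    "SSL/TLS Key Type": "",
    "SSL/TLS Private Key Password": "{sh /tmp/script.sh",
}

if __name__ == "__main__":
    for problem in lint_server_access(SAMPLE):
        print(problem)
```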
