Configure SSL Termination

1. On the Operator Portal, select the Configuration tab.

2. Click Customization.

   The Customization page appears:

   

3. In the Select a Topic drop-down list, click SSL Termination.

4. Next to SSL Termination, select Enabled.

   This enables the handling of SSL termination by allowing access using HTTP as well as HTTPS. It also specifies if this server is working with an SSL termination device in front.

5. Select Enabled or Disabled for the Accept header certificate information for HTTPS connections option.

6. In the Certificate information type drop-down list, click SubjectString or base64cert.

   This specifies what kind of information is included in the HTTP header: either a subject string directly, or a certificate image. The format of the data passed by the SSL termination device to supply certificate information depends on the vendors. The possibilities include a full certificate image or the subject DN.

7. In the HTTP Header attribute used to supply the certificate information field, enter the name of the custom HTTP header that contains information about the client certificate used to connect to the SSL termination device. For example, https-frontend-subject.

8. In the Host used for client card synchronization field, enter the host name of the Apache Tomcat server.

9. In the Port used for client card synchronization field, enter the port of the Apache Tomcat server (for example, 8080).

10. Click Set.

11. On the Peer Server Creation page, change the URL of each specific ActivID CMS instance in the server pool from “https” to “http.” For more information, see step 10 in Add a Server Using SSL Communications.

12. Reconfigure the IIS to remove the SSL from each ActivID CMS server instance for the following Web server instances. Refer to the Microsoft IIS documentation for more information.

    • Subdirectories

    • Administration

    • MyDigitalID