Securing Transmissions between VM:Webgateway and Web Browsers

VM:Webgateway supports Secure Sockets Layer (SSL) to provide secure transmissions between the web server and web browsers. Secure transmissions are not the same as access control; access control restricts who can gain access to your documents.

SSL is a secure protocol that assures that data is transferred privately between the web browser and the web server without alteration. SSL also authenticates the web server, so the web browser user is assured that the source of the data is valid and that the input a web browser user supplies is being sent to validated web server.

To use SSL, you must include the OPTIONS SSL and KEYPASS configuration records in the VMWEBSRV CONFIG file. After you have added the configuration records, you must configure the VM:Webgateway TCP socket to turn SSL on.

When SSL is in use, VM:Webgateway uses SSL when serving data from both the server root domain and user pages. To turn SSL on, you need to update the TCP socket definition in the VM:Webgateway configuration to indicate that you want to use SSL when serving from that socket. When you turn SSL on, VM:Webgateway also requires you to specify SSL-related information to associate with the socket:

• Certificate that attests to the identity of your organization
• Cipher suites you want VM:Webgateway to use; cipher suites are the specific techniques that VM:Webgateway and the web browser use to secure the transmission

To run SSL in production, obtain a certificate from a certificate authority. It can take several days to obtain a certificate from a certificate authority. While waiting for your certificate, you can create a self-signed certificate. Use the self-signed certificate to test SSL and ensure you have VM:Webgateway set up properly. When you receive the certificate from the certificate authority, put SSL into production by replacing the self-signed certificate with the certificate from the certificate authority.

When VM:Webgateway is using SSL, web browser users can communicate with VM:Webgateway only when they use web browsers that support SSL. Additionally, web browser users must specify https:// as the first part of the URL rather than http://. The protocol https designates that SSL is being used with HTTP. Specifying https:// indicates that the web browser is to initiate the SSL handshake that begins an SSL transmission.

When a web browser successfully initiates an SSL transmission, it normally indicates that the transaction is secure. For example, Netscape Navigator 3.0 shows a solid key at the lower left corner of the screen when a transmission is secured with SSL; this key is shown as a broken key if the transmission is not secured with SSL. Refer to the documentation for your web browser to determine what to expect.