Configuring HTTPS
Hi all,
I am looking to learn more about configuring HTTPS for our application. We were suggested to place our certificate on the load balancer but the reference article I found for Pega seems to suggested placing on the application server. We are looking for one way ssl.
Any changes needed in the ear file?
Should we try the load balancer or the server for our certificate?
Our application has services (REST SOAP) used by other systems. Will there need to be any additional settings there?
What steps are handled in infrastructure vs what steps are handled inside of Designer Studio?
Thank you in advance for any help!
Authentication: SiteMinder
Load Balancer: F5
Application Server: JBoss
Version: Pega 7.4
Pegasystems Inc.
NL
@Benneal92 , TLS (ssl) offloading typically happens on your F5. Depending on your security needs and infrastructure setup you could re-encrypt the traffic and terminate at your application server as well (or at container-platform ingress point). Given that you're still on Pega 7.4 I assume you're not dealing with a very security minded organization, so I don't expect you're planning to perform re-encryption. Meaning there's nothing you need to configure on JBoss, EAR, Designer Studio or service rules. As a next step I suggest to take a look at things like securing your cookies with prconfig/HTTP/SetSecureCookie/default and other settings as suggested in
https://community.pega.com/knowledgebase/articles/security/85/understanding-dynamic-system-settings
Please consider upgrading to the latest Pega version to enable many more security features and consider moving to the Pega Cloud to prevent infrastructure maintenance like this altogether.