Host Access for the Cloud uses Transport Layer Security (TLS) to cryptographically secure communication between client web browsers, session server, MSS and backend hosts.
Public Key Infrastructure (PKI)
TLS relies on Public Key Infrastructure (PKI) for authentication and key establishment. PKI uses key pairs, each consisting of a public key and a private key, to secure client and server communication. The two keys are mathematically related but not the same: data encrypted with the public key can be decrypted only with the matching private key, and a signature made with the private key can be verified by anyone who holds the public key. The public key can be shared freely; the private key must remain secret to its owner.
Digital certificates are credentials that verify the identities of individuals, computers, and networks. A certificate binds a public key to the identity of its owner (such as a server or an organization), and that binding is attested by the digital signature of a trusted third party, known as a certificate authority (CA). Digital certificates are therefore a convenient way to distribute public keys together with evidence of who owns them.
Certificates and private keys are stored in Java keystores. Each keystore entry is identified by a unique name, known as an alias. Private keys, together with the certificates that carry their public keys, are usually kept separately from the certificates received from other parties that are used only for trust decisions. This separate keystore is referred to as a truststore. A truststore contains the certificates of the parties you expect to communicate with, or of the Certificate Authorities you trust to identify other parties. Because anyone who can read a keystore holding a private key can impersonate that server, the keystore file and its passwords must be protected; a truststore holds only public certificates, but anyone who can write to it can make the server trust a certificate of their choosing.
Your default secure installation
During the installation of HACloud and MSS, self-signed certificates are generated, exchanged, and then used to secure all communication between the session server, web browsers and MSS. Self-signed certificates are identity certificates signed by the same entity whose identity they certify. No third-party CA vouches for them, so a client can accept one only if it has obtained that certificate through some other trusted channel, such as the exchange performed during installation.
Both the session server and MSS use their generated self-signed certificates to identify themselves to remote clients, such as web browsers, other session servers, and other MSS servers. Each self-signed certificate and its private key are stored in the keystore of the server they belong to.
For secure communication to be established, the client side of each connection (a web browser, a session server, or an MSS server) must trust the self-signed certificate that the server presents. During installation the session server retrieves MSS's certificate and stores it in its truststore; likewise, MSS retrieves the session server's certificate and stores it in its truststore. Web browsers take no part in this exchange, so a browser will not trust the self-signed session server certificate until that certificate is imported into the browser's or operating system's trust store, or until it is replaced with a certificate issued by a CA the browser already trusts.
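The following Go program is an added example; it is not part of the Host Access for the Cloud documentation or product code. It models the concepts from the PKI section (a key pair, a certificate binding a public key to a name, a keystore entry and a truststore) and the installer's exchange of self-signed certificates, using Go's standard crypto/x509 package in place of Java keystores. The `identity` and `truststore` types, the `issue`, `trust`, `verifyPeer`, `signMessage` and `verifyMessage` functions, and the `session.example.internal` and `mss.example.internal` host names are all constructed for this example. `issue` also accepts a signer, so the same code covers the CA-issued case from the PKI section, where a truststore needs only the CA's certificate rather than each server's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// identity models one keystore entry (hypothetical type, not a product API):
// an alias, a private key, and the certificate carrying the matching public key.
type identity struct {
	alias string
	key   *ecdsa.PrivateKey
	cert  *x509.Certificate
}

// issue generates a key pair for host and a certificate for its public key.
// signer == nil yields a self-signed certificate, as the installer does for the
// session server and MSS; otherwise signer plays the CA and signs it.
func issue(alias, host string, signer *identity) (*identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	parent, signKey := tmpl, key // self-signed: issuer and subject are the same entity
	if signer != nil {
		parent, signKey = signer.cert, signer.key
	} else {
		tmpl.IsCA = true // a self-signed certificate is its own trust anchor
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &identity{alias: alias, key: key, cert: cert}, nil
}

// signMessage and verifyMessage show the key-pair relationship: a signature made
// with the private key verifies only under the public key from the same pair.
func signMessage(id *identity, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, id.key, digest[:])
}

func verifyMessage(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(msg)
	return ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

// truststore models the Java truststore: the certificates a client accepts as
// trust anchors. trust is the installer's "retrieve and store the peer's
// certificate" step; verifyPeer is the check a TLS client makes on the
// certificate a server presents: it must chain to an anchor and name the host.
type truststore struct{ pool *x509.CertPool }

func newTruststore() *truststore { return &truststore{pool: x509.NewCertPool()} }
func (t *truststore) trust(peer *identity) { t.pool.AddCert(peer.cert) }

func (t *truststore) verifyPeer(presented *x509.Certificate, host string) error {
	_, err := presented.Verify(x509.VerifyOptions{Roots: t.pool, DNSName: host})
	return err
}

func main() {
	// The default installation with constructed host names: two self-signed
	// identities, each stored in the other server's truststore.
	session, err := issue("sessionserver", "session.example.internal", nil)
	if err != nil {
		panic(err)
	}
	mss, err := issue("mss", "mss.example.internal", nil)
	if err != nil {
		panic(err)
	}
	sessionTS, mssTS := newTruststore(), newTruststore()
	sessionTS.trust(mss)  // the session server retrieves and stores MSS's certificate
	mssTS.trust(session)  // MSS retrieves and stores the session server's certificate
	fmt.Println("session server accepts MSS:", sessionTS.verifyPeer(mss.cert, "mss.example.internal") == nil)
	fmt.Println("MSS accepts session server:", mssTS.verifyPeer(session.cert, "session.example.internal") == nil)
	fmt.Println("browser that has trusted nothing:", newTruststore().verifyPeer(session.cert, "session.example.internal"))
}
```

The last line of `main` is the browser case from the text: with nothing in its trust store, the verification fails with an unknown-authority error, which is exactly the warning a browser shows for an unimported self-signed certificate. Note also that `verifyPeer` checks the host name, so a certificate that is trusted for one server is still rejected when presented by a host it does not name.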
See Stores used by the session server
The MSS Administrative Console help has detailed information on General Security and Certificates