Configuring the Web Gateway to Connect to InterSystems IRIS Using TLS
You can use TLS to set up a secure, encrypted channel between the Web Gateway and the InterSystems IRIS® data platform server. To do this, you need a TLS certificate and private key that represents the Gateway. The Gateway can then establish an encrypted connection to the InterSystems IRIS server (which has its own certificate and private key), so that all information is transmitted through the connection.
For information on setting up a connection between the Web Gateway and the InterSystems IRIS server that is protected by Kerberos, see Setting Up a Kerberized Connection from the Web Gateway to InterSystems IRIS.
The procedure is:
If there is not already a %SuperServer TLS configuration associated with the InterSystems IRIS server, create one as described in Create or Edit a TLS ConfigurationOpens in a new tab.
On the Portal’s System-wide Security Parameters page (System Administration > Security > System Security> System-wide Security Parameters), for the Superserver SSL/TLS Support choice, select Enabled or Required. For more details on these settings, see System-wide Security ParametersOpens in a new tab.
Go to the Web Gateway’s Server Access page (System Administration > Configuration > Web Gateway Management).
On that page, under Configuration, select Server Access.
Next, select Edit Server and click Submit. This displays the configuration page for the Web Gateway.
On this page, configure the Web Gateway to use TLS. Specifically, for the Connection Security Level field, select SSL/TLS. You must specify values for the SSL/TLS Protocol and SSL/TLS CA Certificate File fields. The other fields may be required or optional depending on other settings. The SSL/TLS Certificate File and SSL/TLS Private Key File are required if Require peer certificate verification is selected. If including a SSL/TLS private key file, you must also specify a value for the SSL/TLS Key Type. Additionally, if the certificate or private key file require a password, then the password must be supplied in SSL/TLS Private Key Password.
For more details on the fields on this page, see the Configuring Server Access section of “Web Gateway Operation and Configuration”.