SSL Implementation in DataPower
Data transmitted over an SSL/TLS connection is encrypted with symmetric session keys that are negotiated during the handshake and protected with public key cryptography. Public key cryptography requires a public key (stored in the certificate) and the matching private key.
DataPower uses Crypto Identification Credentials to pair a public key with its private key for cryptographic operations such as SSL. The pair is built from a Crypto Key object (the private key) and a Crypto Certificate object (the public key); these are the credentials DataPower presents to a peer.
DataPower uses Crypto Validation Credentials to validate digital signatures and the certificates presented by a peer. A Validation Credential is a list of Crypto Certificate objects (the trusted CA or peer certificates).
A Crypto Profile ties the two together: it references the Identification Credentials (what DataPower presents) and/or the Validation Credentials (what DataPower trusts). An SSL Proxy Profile then references the Crypto Profile, and services and handlers reference the SSL Proxy Profile.
Scenario – DataPower acts as a client:
When DataPower is the client to API Connect, API Connect presents its server certificate during the handshake, so DataPower needs Validation Credentials that trust it:
1. Upload the certificate shared by API Connect (its issuing CA certificate, or the server certificate itself) to the cert: or pubcert: directory in DataPower File Management.
2. Create a Crypto Certificate object that points at the uploaded file.
3. Create Crypto Validation Credentials that include the Crypto Certificate object.
4. Create a Crypto Profile that references the Validation Credentials. No Identification Credentials are needed unless API Connect requires client certificates. Without Validation Credentials the server certificate is not validated, so do not leave them out.
5. Create an SSL Proxy Profile (forward direction) that uses the Crypto Profile.
6. Reference the SSL Proxy Profile in the service's proxy settings, or select it per request by setting the routing SSL profile service variable (var://service/routing-url-sslprofile) together with the routing URL.
Scenario – DataPower acts as server:
Create the SSL (Proxy) server profile by the following steps:
1. Upload the server's private key and certificate to the cert: directory (files in cert: cannot be read back or exported, which is where private keys belong).
2. Create a Crypto Key object for the private key and a Crypto Certificate object for the certificate.
3. Create Crypto Identification Credentials from the Crypto Key object and the Crypto Certificate object.
4. Create a Crypto Profile that references the Identification Credentials. Add Validation Credentials only if clients must authenticate with certificates (mutual TLS).
5. Create an SSL Proxy Profile (reverse direction) that uses the Crypto Profile.
6. Reference the SSL Proxy Profile in any front side handler that supports SSL (for example, the HTTPS front side handler).
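Both scenarios above, as an added example that is not part of the original page or of IBM's own code: a Python script that assembles the two object graphs (Crypto Certificate, Crypto Key, Identification Credentials, Validation Credentials, Crypto Profile, SSL Proxy Profile, HTTPS front side handler) as an XML configuration fragment and lints the wiring before anything is imported. The element and class names, file names and object names are the editor's assumptions modelled on the shape of an exported DataPower configuration, so compare them with an export from your own appliance; the check also covers the two-way direction, which the text above does not discuss.

```python
import xml.etree.ElementTree as ET

# Added example (not from the page or from IBM). Object and element names
# (CryptoCertificate, CryptoValCred, CryptoIdentCred, CryptoProfile,
# SSLProxyProfile, HTTPSSourceProtocolHandler, Filename, Direction, ...)
# follow the shape of an exported DataPower configuration as recalled by the
# editor; treat them as assumptions. File and object names are constructed.


def obj(cfg, kind, name, **fields):
    """Append one configuration object. A (class, name) tuple value becomes
    a reference element such as <Key class="CryptoKey">gateway-key</Key>."""
    el = ET.SubElement(cfg, kind, name=name)
    for tag, value in fields.items():
        child = ET.SubElement(el, tag)
        if isinstance(value, tuple):
            child.set("class", value[0])
            child.text = value[1]
        else:
            child.text = str(value)
    return el


def client_scenario(cfg):
    """DataPower as TLS client to API Connect: trust APIC's issuing CA.
    Only Validation Credentials are needed; no key or identity is sent."""
    obj(cfg, "CryptoCertificate", "apic-ca-cert",
        Filename="pubcert:///apic-ca.pem")            # public cert, no key
    obj(cfg, "CryptoValCred", "apic-valcred",
        Certificate=("CryptoCertificate", "apic-ca-cert"),
        CertValidationMode="pkix")                      # full chain validation
    obj(cfg, "CryptoProfile", "apic-client-profile",
        ValCredentials=("CryptoValCred", "apic-valcred"))
    obj(cfg, "SSLProxyProfile", "apic-client-ssl",
        Direction="forward",                             # forward = client side
        ForwardCryptoProfile=("CryptoProfile", "apic-client-profile"))


def server_scenario(cfg):
    """DataPower as TLS server: private key + certificate become
    Identification Credentials bound to an HTTPS front side handler."""
    obj(cfg, "CryptoKey", "gateway-key", Filename="cert:///gateway-key.pem")
    obj(cfg, "CryptoCertificate", "gateway-cert",
        Filename="cert:///gateway-cert.pem")
    obj(cfg, "CryptoIdentCred", "gateway-idcred",
        Key=("CryptoKey", "gateway-key"),
        Certificate=("CryptoCertificate", "gateway-cert"))
    obj(cfg, "CryptoProfile", "gateway-server-profile",
        IdentCredentials=("CryptoIdentCred", "gateway-idcred"))
    obj(cfg, "SSLProxyProfile", "gateway-server-ssl",
        Direction="reverse",                             # reverse = server side
        ReverseCryptoProfile=("CryptoProfile", "gateway-server-profile"))
    obj(cfg, "HTTPSSourceProtocolHandler", "https-fsh",
        LocalAddress="0.0.0.0", LocalPort=8443,
        SSLProxy=("SSLProxyProfile", "gateway-server-ssl"))


def build_config(domain="default"):
    cfg = ET.Element("configuration", domain=domain)
    client_scenario(cfg)
    server_scenario(cfg)
    return cfg


def to_xml(cfg):
    return ET.tostring(cfg, encoding="unicode")


def check(cfg):
    """Return wiring problems: dangling references, a client-side profile
    with no Validation Credentials (the peer certificate is then not
    checked), a server-side profile with no Identification Credentials,
    and private keys stored outside cert: (pubcert: files can be read back)."""
    defined = {(el.tag, el.get("name")) for el in cfg}
    problems = []
    for el in cfg:
        for ref in el:
            cls = ref.get("class")
            if cls and (cls, ref.text) not in defined:
                problems.append(f"{el.tag} {el.get('name')}: {ref.tag} -> "
                                f"undefined {cls} '{ref.text}'")
    profiles = {el.get("name"): el for el in cfg if el.tag == "CryptoProfile"}
    for ssl in cfg.iter("SSLProxyProfile"):
        name, direction = ssl.get("name"), ssl.findtext("Direction")
        if direction in ("forward", "two-way"):
            prof = profiles.get(ssl.findtext("ForwardCryptoProfile"))
            if prof is not None and prof.find("ValCredentials") is None:
                problems.append(f"{name}: forward profile has no Validation "
                                "Credentials; server certificate is not validated")
        if direction in ("reverse", "two-way"):
            prof = profiles.get(ssl.findtext("ReverseCryptoProfile"))
            if prof is not None and prof.find("IdentCredentials") is None:
                problems.append(f"{name}: reverse profile has no Identification "
                                "Credentials; no server key/certificate to present")
    for key in cfg.iter("CryptoKey"):
        if not (key.findtext("Filename") or "").startswith("cert:///"):
            problems.append(f"CryptoKey {key.get('name')}: private key should "
                            "live in cert:, not a readable directory")
    return problems


if __name__ == "__main__":
    cfg = build_config()
    print(to_xml(cfg))
    print("problems:", check(cfg) or "none")
```

Run it as a script to print the fragment and the lint result; the forward-direction check is the one that matters most in practice, because a client profile whose Crypto Profile carries no Validation Credentials will happily complete the handshake with any server.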