How do I configure SSL offloading at the Agent (All versions) for virtual hosts?
The purpose of this article is to provide information on configuring SSL offloading at the Agent (Web and Java) for virtual hosts. It is assumed that you have correctly configured your virtual hosts for SSL; you must specify the SSL parameters in all the ssl vhost sections rather than just the default ssl vhost.
1 reader recommends this article
Configuring SSL offloading at the Agent
You can configure SSL offloading at the agent using either the AM admin UI or ssoadm:
- AM admin UI: navigate to: Realms > [Realm Name] > Applications > Agents > Web or Java > [Agent ID] > Global > FQDN Virtual Host Map and enter the virtual host domain name you want to map in the 'Map Key' field and the actual FQDN in the 'Corresponding Map Value' field.
- ssoadm: enter the following command: $ ./ssoadm update-agent -e [realmname] -b [agentname] -u [adminID] -f [passwordfile] -a com.sun.identity.agents.config.fqdn.mapping=[[domainname]]=[FQDN]replacing [realmname], [agentname], [adminID], [passwordfile], [domainname] and [FQDN] with appropriate values. For example, if you have a virtual host domain name of example.net and your FQDN is am.example.com, you would specify this property as follows in the ssoadm command: com.sun.identity.agents.config.fqdn.mapping=[example.net]=am.example.com
Note
You should set up FQDN mapping for all virtual hosts; if a domain can be reached with and without www, you should specify mapping for both variants. For example, [example.net]=am.example.com and [www.example.net]=www.am.example.com
This FQDN mapping will allow you to access the agent on different FQDNs but won't affect how policies are evaluated; the policy rule must still match the requested URL for it to be evaluated.
See Also
How do I configure a Web Agent (All versions) for SSL offloading?
How do I configure a Java Agent (All versions) for SSL offloading?
FAQ: SSL/TLS secured connections in AM and Agents
Related Training
N/A
Related Issue Tracker IDs
N/A