uCosminexus Application Server, Security Management Guide
4.11.3 Using an SSL accelerator to process encrypted communication
(1) The purpose of using an SSL accelerator
One way to prevent application communication from being leaked to third parties or altered is to encrypt it. Using HTTPS for communication is one method of encryption. However, TLS/SSL-based communication, on which HTTPS is based, incurs a very high load.
An SSL accelerator is a piece of hardware dedicated to HTTPS-encrypted communication processing. Deployed correctly, it accelerates encrypted communication without placing a load on the Web or application server.
(2) Deploying an SSL accelerator
The following figure shows a configuration example using an SSL accelerator.
Figure 4-9 Configuration using an SSL accelerator
![[Figure]](FIGURE/ZU050700.GIF)
Communications sent by the Web client over HTTPS are decrypted by the SSL accelerator, and then passed on to the Web or application server over HTTP. Communications sent by the Web or application server over HTTP are encrypted by the SSL accelerator, and then passed on to the Web client.
When deploying an SSL accelerator, consider the following points:
- An SSL accelerator can be used as a firewall. In such a case, treat the SSL accelerator as part of your Web or application server.
- For Web server integration, when using an SSL accelerator, it might be necessary to configure additional redirector settings. For example, if a redirector is configured, a request forwarding destination or other information can be specified (only for HTTP/1.0 requests from Web clients). When using Management Server to set up the system, the system can be configured on the management portal by using Environment Settings for Logical Server. Open the Redirector Settings window for the logical Web server, and under Gateway Specification Function Settings, select Yes for Use SSL accelerator.
  When setting up the system without using Management Server, configure the setting in the following file:
  - For Cosminexus HTTP Server
    - The JkGatewayHttpsScheme key in the mod_jk.conf file
  - For Microsoft IIS
    - The gateway_https_scheme key in the isapi_redirect.conf file

  When setting up the system without using Management Server, see 9. Files Used for Web Server Integration, in the uCosminexus Application Server Definition Reference Guide.
- To use an in-process HTTP server, you might need to configure additional Web container settings when using an SSL accelerator. For example, when these settings are configured, a request forwarding destination or other information can be specified (only for HTTP/1.0 requests from Web clients). When using Management Server to set up the system, the system can be configured on the management portal by using Environment Settings for Logical Server. Open the Other Settings window for the logical J2EE server, and under Gateway Specification Function Settings, select Yes for Use SSL accelerator.
  When setting up the system without using Management Server, configure the webserver.connector.inprocess_http.gateway.https_scheme key in the usrconf.properties file.
  When setting up the system without using Management Server, see 2.4. usrconf.properties (User property file for J2EE server), in the uCosminexus Application Server Definition Reference Guide.
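When the files are edited by hand rather than through Management Server, a short check can confirm that the key named above is actually present and uncommented in each file. The following Python sketch is an added example, not part of the original guide or of Hitachi's tooling. The sample file contents and the values `On` and `true` are constructed for illustration; the Definition Reference Guide defines the permitted values.

```python
import re

# Key names are the ones this page names; file names double as lookup keys.
KEYS = {
    "mod_jk.conf": "JkGatewayHttpsScheme",          # Cosminexus HTTP Server
    "isapi_redirect.conf": "gateway_https_scheme",  # Microsoft IIS
    "usrconf.properties":
        "webserver.connector.inprocess_http.gateway.https_scheme",  # in-process HTTP server
}

def find_setting(text, key):
    """Return the value of the last uncommented line that sets key, else None.

    Accepts both 'Key value' (directive style) and 'key=value' (property style).
    Treating the last occurrence as effective is an assumption of this example.
    """
    pattern = re.compile(r"^\s*" + re.escape(key) + r"(?:\s*[=:]\s*|\s+)(\S.*?)\s*$")
    value = None
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "!")):  # comment lines do not count
            continue
        match = pattern.match(line)
        if match:
            value = match.group(1)
    return value

def audit(files):
    """files maps file name -> content; returns file name -> value or None."""
    return {name: find_setting(files[name], key)
            for name, key in KEYS.items() if name in files}

# Constructed sample contents (values are illustrative, not taken from the guide).
SAMPLE = {
    "mod_jk.conf": "# redirector definition\nJkGatewayHttpsScheme On\n",
    "isapi_redirect.conf": "#gateway_https_scheme=true\nplaceholder_key=value\n",
    "usrconf.properties":
        "webserver.connector.inprocess_http.gateway.https_scheme = true\n",
}

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        status = f"set to {value!r}" if value is not None else "NOT SET"
        print(f"{name}: {KEYS[name]} {status}")
```

In the constructed sample, the IIS file is reported as not set because its only occurrence of the key is commented out.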
All Rights Reserved. Copyright (C) 2013, Hitachi, Ltd