
Secure MarkLogic Server

Enabling SSL for an App Server

  • Last Updated: May 20, 2026
  • MarkLogic Server, Version 12.0

After creating a certificate template, enable SSL for an HTTP, ODBC, WebDAV, or XDBC app server:

  1. Click Groups in the left menu tree.

  2. Click the group in which you want to define the app server (for example, Default).

  3. Click App Servers in the left menu tree.

  4. Either click an existing app server from the left menu tree or create a new one by clicking the Create HTTP, Create WebDAV, Create XDBC, or Create ODBC tab. The app server configuration page appears.

  5. Complete the SSL fields near the bottom of the configuration page under Module Locations. This table describes the fields:

    SSL field: SSL Certificate Template
      Description: A certificate template specifies the common information for the individual SSL certificates needed for each host in the group.
        When a certificate template is specified, the app server uses an SSL-encrypted protocol like https, davs, or xccs.
        Creating a Certificate Template describes how to create them.
      Selections: Select a certificate template.
        Default: (none).

    SSL field: SSL Min Allow TLS
      Description: The minimum allowed TLS protocol for this app server.
      Selections: Choose either TLSv1.2 or TLSv1.3.
        Default: TLSv1.2.

    SSL field: SSL Hostname
      Description: (Optional) The single host name that causes all instances of this app server to identify as that host.
        Complete this field when using a proxy or a load balancer to represent multiple app servers.
      Selections: Enter the host name from the app server's SSL certificate.
        If this field is not specified, then each host uses a certificate specifying its own host name.
        Maximum length: 64 characters (RFC 2459).
        Default: blank.

    SSL field: SSL Ciphers
      Description: (Optional) The SSL ciphers for TLSv1.2 app servers.
      Selections: If SSL Min Allow TLS = TLSv1.2, then use the default of ALL:!LOW:@STRENGTH or add other colon-separated values.

    SSL field: SSL Ciphersuites
      Description: (Optional) The SSL ciphersuites for TLSv1.3 app servers.
        Disabled if SSL Min Allow TLS = TLSv1.2.
      Selections: Use the default of TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 or add other colon-separated values.

    SSL field: SSL Require Client Certification
      Description: (Optional) Determines whether or not SSL should require clients to provide a certificate.
      Selections:
        • Select true to have SSL require clients to provide a signed certificate.
          Note: To make the true setting take effect, select at least one certificate authority (CA) from the Show list under SSL Client Certificate Authorities. Otherwise, this setting is effectively false.
        • Select false to have SSL not require clients to provide a certificate.
        Default: true.

    SSL field: SSL Client Issuer Authority Verification
      Description: (Optional) Determines whether SSL should accept directly signed or indirectly signed client certificates.
      Selections:
        • Select true to accept client certificates only from CAs explicitly selected from the Show list under SSL Client Certificate Authorities.
        • Select false to accept client certificates with a parent CA that is indirectly signed by one or more ancestor CAs on the Show list under SSL Client Certificate Authorities.
        Default: false.

    SSL field: SSL Client Certificate Authorities
      Description: (Optional) Shows or hides the list of CAs that may sign client certificates for this server so that a particular CA can be selected to sign certificates.
      Selections:
        1. Click Show to see the list of CAs allowed to issue client certificates when SSL Client Issuer Authority Verification = true.
        2. Click an organization on the list.
        3. Click the checkbox to enable that CA.
        4. Click Hide to hide the list.
        Note: If SSL Require Client Certification = true, then selecting at least one CA is required.
        Default: none selected.

  6. Click OK.

This app server is now enabled for SSL.
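
Several of the fields above depend on one another, so a configuration can look stricter than it is. The following check is an added example, not MarkLogic code: it lints a dictionary of settings against the rules stated in the field descriptions. The dictionary keys are hypothetical names for the Admin Interface fields, not MarkLogic API properties, and the sample values are constructed.

```python
# Added example: lints app-server SSL settings against the rules in the field table.
# Dict keys are hypothetical names for the Admin Interface fields, not MarkLogic API properties.

ALLOWED_MIN_TLS = {"TLSv1.2", "TLSv1.3"}
MAX_HOSTNAME_LEN = 64  # limit given in the SSL Hostname row


def audit_ssl_settings(cfg):
    """Return a list of findings; an empty list means no rule from the table is violated."""
    if not cfg.get("certificate_template"):
        # Default is (none): with no template the app server is not using https/davs/xccs.
        return ["no certificate template selected: SSL is not enabled"]

    findings = []
    min_tls = cfg.get("min_allow_tls", "TLSv1.2")  # documented default
    if min_tls not in ALLOWED_MIN_TLS:
        findings.append(f"SSL Min Allow TLS {min_tls!r} is not TLSv1.2 or TLSv1.3")

    if len(cfg.get("hostname") or "") > MAX_HOSTNAME_LEN:
        findings.append("SSL Hostname exceeds 64 characters")

    if min_tls == "TLSv1.2" and cfg.get("ciphersuites"):
        findings.append("SSL Ciphersuites is disabled when SSL Min Allow TLS = TLSv1.2")

    require = cfg.get("require_client_certificate", True)  # documented default
    cas = cfg.get("client_certificate_authorities") or []  # default: none selected
    if require and not cas:
        findings.append("client certificate required but no CA selected: effectively false")
    return findings


if __name__ == "__main__":
    # Constructed sample: a template was chosen, every other field left at its default.
    sample = {"certificate_template": "example-template"}
    for finding in audit_ssl_settings(sample):
        print("FINDING:", finding)
```

With the constructed sample, the only finding is the client-certificate one: the default of true has no effect until at least one CA is selected.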
