Remote Access

There are some SSL-related fields on the Remote Access screen. These are described below.

Self-Signed Certificate Handling

Select the type of self-signed certificates that the system will use for administrative access. The options are described below:

• RSA self-signed certs: This is the default option. The certificate will be an RSA certificate signed with the Progress Kemp RSA root certificate.
• EC certs with a RSA signature: The certificate used will be an RSA certificate signed with the Progress Kemp EC (Elliptical Curve) root certificate.
• EC certs with an EC signature: The certificate used will be an EC certificate signed with the Progress Kemp EC (Elliptical Curve) root certificate. In this mode, any CSRs generated will also be EC.

You should not switch from RSA self-signed certs to EC certs with an EC signature directly. If you do this, connections will fail because there is no EC Progress Kemp Certificate Authority (CA) certificate. To workaround this, you must first switch from RSA self-signed certs to EC certs with a RSA signature.

Then, download the new EC Progress Kemp CA certificate by clicking Download ECC Root Cert in the bottom-right of the WUI under the main menu after refreshing the page. When this certificate has been downloaded, you can switch to EC certs with an EC signature with no loss of connection.

Outbound Connection Cipher Set

This option allows you to select a pre-defined cipher set to use for all outbound connections, including:

• Remote logging (syslog)

• Email notifications

• LDAP authentication

• OCSP certificate validation

• Re-encrypted client requests

• HTTPS health checks

The default setting is None - Outbound Default, which means there is no specific cipher set chosen. However, the outbound connection is encrypted and the LoadMaster defaults to all ciphers available for the agreed TLS protocol.

This is global for all outbound connections. For information on each of the cipher sets available, refer to the Cipher Sets section.