About Access Gateway Certificates
In general, Secure Sockets Layer (SSL) certificates are used to:
- Establish a secure connection between a browser and a server.
- Encrypt communication to ensure that sensitive information is safe.
- Authenticate an organization's identity.
When a certificate is properly deployed, the browser shows a padlock adjacent to the URL of the secured site.
Access Gateway uses certificates to:
- Support HTTPS connectivity between an external load balancer and Access Gateway.
- Securely transmit traffic between Access Gateway and an Okta tenant.
- Provide secure HTTPS communications between Access Gateway and protected resources, which are also called back-end applications.
- Provide secure HTTPS communications between the Access Gateway Admin UI console and a client browser.
From an application perspective, certificates are used to define a secure or trusted relationship between an end user and an application using Transport Layer Security (TLS). In this situation, Access Gateway acts as a proxy and redirects application requests to a back-end application. It then serves up the required certificate on behalf of the back-end application.
Depending on how TLS termination is implemented, certificates are served in one of two ways:
- TLS passes through the load balancer, and is terminated at Access Gateway. In this scenario, Access Gateway provides the certificate.
- TLS is terminated at the load balancer. In this scenario, the TLS connection stops at the load balancer. The load balancer is then responsible for supplying certificates and Access Gateway is not involved in certificate management.
You can use Access Gateway to generate and associate self-signed certificates, and to associate certificates obtained from a certificate authority. You can do these tasks from the Access Gateway Admin UI console.
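To check which kind of certificate an endpoint presents (self-signed or issued by a certificate authority), the following added example classifies a PEM certificate with the openssl command-line tool. It is not Okta's code; the function names, host name and subjects are constructed, and it assumes openssl is installed.

```bash
#!/usr/bin/env bash
# Added example: host names, subjects and function names are constructed.

# cert_kind FILE: print "self-signed" when the certificate names itself as
# issuer and its signature verifies under its own key, else "ca-issued".
cert_kind() {
  local s i
  s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
  i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
  if [ "$s" = "$i" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
    echo self-signed
  else
    echo ca-issued
  fi
}

# chains_to CAFILE FILE: succeed only if FILE verifies against CAFILE.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# served_cert HOST [PORT]: print the certificate presented by whichever
# component terminates TLS (the load balancer or Access Gateway).
# Needs network access, so it is defined here but not called.
served_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    </dev/null 2>/dev/null | openssl x509
}

# make_samples DIR: build constructed test certificates in DIR:
# self.pem (self-signed), ca.pem (test CA), leaf.pem (issued by ca.pem).
make_samples() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=gw.example.test" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=gw.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "self.pem: $(cert_kind "$demo_dir/self.pem")"
echo "leaf.pem: $(cert_kind "$demo_dir/leaf.pem")"
```

To inspect a live endpoint, save the output of `served_cert` to a file and pass that file to `cert_kind`; the result describes the certificate of whichever component terminates TLS.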