6.5 Setting up SSL/TLS

SIU references: SIU-251, SIU-274.

For production systems, it is strongly recommended that you set up SSL/TLS on all MyID websites and web services. See the Configuring SSL/TLS (HTTPS) section in the Securing Websites and Web Services guide and the MyID web site section in the System Security Checklist.

The MyID Installation Assistant can help you with the process of securing your web servers. See section 2.9, Configuring https for details.

6.5.1 SSL/TLS for the MyID Operator Client

Important: The web services used by the MyID Operator Client (rest.core and web.oauth2) require SSL/TLS; if you do not connect through HTTPS, you cannot use the MyID Operator Client. For information on setting this up, see the Configuring SSL/TLS (HTTPS) section in the Securing Websites and Web Services document.

When you install MyID, you must specify the MyID Server URL. This must match the URL of the server as accessed by client PCs using the MyID Operator Client, which must in turn match the server name used in the SSL/TLS certificate. The default value provided by the installation program is the fully-qualified domain name of your server, but this may not match the URL used by your clients; for example, you may use a domain name such as myid.example.com that is mapped to the web server rather than an internal address.
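
The following check is an added example, not part of the MyID product or its documentation. It compares a candidate MyID Server URL against the DNS names in a server certificate, so a mismatch is found before clients fail to connect. The host web01.corp.example.com and the sample certificate are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit


def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate dNSName against a host name (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the whole left-most label.
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_server_url(server_url: str, cert: dict) -> list:
    """Return a list of problems; an empty list means the URL fits the certificate."""
    problems = []
    parts = urlsplit(server_url)
    if parts.scheme != "https":
        problems.append("URL scheme is %r, not https" % parts.scheme)
    host = parts.hostname or ""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(s, host) for s in sans):
        problems.append("host %r not in certificate names %r" % (host, sans))
    return problems


def fetch_cert(host: str, port: int = 443) -> dict:
    """Fetch the server certificate over TLS 1.2 or later (needs network access).

    Raises ssl.SSLError if the chain or host name fails validation, or if the
    server cannot negotiate TLS 1.2 or later.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in the format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"subjectAltName": (("DNS", "myid.example.com"),)}

if __name__ == "__main__":
    # web01.corp.example.com is a hypothetical internal FQDN default.
    for url in ("https://myid.example.com/", "https://web01.corp.example.com/"):
        print(url, check_server_url(url, SAMPLE_CERT) or "OK")
```

To check a live server, pass the result of fetch_cert to check_server_url in place of SAMPLE_CERT, running it from a client PC so that name resolution and the trust store match what the MyID Operator Client will see.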

6.5.2 SSL/TLS for MyID Desktop

For information on configuring MyID Desktop for SSL/TLS, see section 10.3.4, One-way SSL/TLS and section 10.3.5, Two-way SSL/TLS.

6.5.3 Securing MyID with TLS 1.2

SIU reference: SIU-297.

It is recommended that you set up your system to use TLS 1.2. This involves configuring the MyID application servers to ensure that they can use TLS 1.2, and configuring the MyID web servers to disable SSL and versions of TLS earlier than TLS 1.2.

For more information, see the Securing MyID with TLS 1.2 section in the System Security Checklist.