Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

Cloud Access Manager 8.1.2 - Security and Best Practice Guide

Table of Contents

Optimizing Cloud Access Manager for a production environment

Memory Disk space HTTP connections

STS hosts Preventing direct access to applications protected by Cloud Access Manager

Fallback Shared secret Proxy mapping and URL rewriting

Folder-to-root mapping Root-to-root mapping Choosing the best mapping strategy

Rewriting relative URLs using folder-to-root Relative URLs using root-to-root

Choosing the right SSL certificate

Single host certificate Wildcard certificate Subject Alternative Name (SAN) certificate

Single sign-on methods

Security Assertion Markup Language (SAML) federation and WS-Federation HTTP Basic and NTLM Proxied form-fill Unproxied form-fill

Using a reverse proxy or load balancer with Cloud Access Manager

Inter-service communication

Choosing the right SSL certificate

We recommend that you purchase and install an Secure Sockets Layer (SSL) certificate from a Certificate Authority, this ensures Dell™ One Identity Cloud Access Manager users can be confident they are interacting with a genuine service. Please refer to the Dell™ One Identity Cloud Access Manager Installation Guide for full instructions on how to request and install an SSL certificate for Cloud Access Manager.

You can purchase one of three types of SSL certificate:

•

Single host certificate

•

Wildcard certificate

•

Subject Alternative Name (SAN) certificate

Single host certificate

This is typically the cheapest option. It is suitable for organizations who wish to proxy only a single application, or a collection of simple, static web applications with minimal client-side scripting using the folder-to-root method described above.


	NOTE: The subject indicated in a single host certificate is a single hostname, for example www.acme.com

Wildcard certificate

This is usually the most costly option, but the most flexible. It allows you to set up unlimited root-to-root proxy mappings by permitting the domain name to be prefixed by any subdomain.


	NOTE: The subject indicated in a wildcard certificate is a wildcard hostname, for example *.webapps.acme.com

Subject Alternative Name (SAN) certificate

A SAN certificate authenticates multiple explicitly-defined hostnames, the subjects indicated in a SAN certificate are listed, for example:

DNS Name: erp.acme.com

DNS Name: mail.acme.com

DNS Name: payroll.acme.com

A SAN certificate is widely considered to be more secure than a wildcard certificate. If a wildcard certificate falls into the wrong hands, then an attacker can pose as the legitimate organization through an unlimited number of hostnames. However, a similar compromise of a SAN certificate would only jeopardize the hostnames listed on that particular certificate.

Alternatively, the wildcard certificate has the advantage of flexibility, so you do not need to worry about altering your certificate in the future to accommodate more domain names. For this particular reason, as long as the private key of your wildcard certificate is properly secured, then you may consider the convenience of a wildcard certificate to outweigh the security benefits of a SAN certificate.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© 2025 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center