Posted: 5 Aug 2020 2:58 EDT Last activity: 16 Aug 2020 15:12 EDT
How to enable SSL on Pega Platform server (Tomcat)
In this post, I am sharing how to enable SSL on a Pega Platform server. This is not a Pega setting but infrastructure work. Please see the attached document for the detailed steps.
Although the attached document is entirely about how to enable SSL at Tomcat, personally I would rather recommend another approach; that is, enabling and offloading SSL at the load balancer instead of on the server side. With this solution, called "SSL offloading" or "SSL termination", the client and the LB communicate with SSL, and the LB and the server communicate without SSL (see the diagram below).
There are a couple of advantages in this solution. For a server, processing SSL encryption and decryption is a lot of work. Instead, if the LB handles this job, it relieves the server of that burden and the server can focus on its primary jobs. Traffic between the LB and the server would be unencrypted, but servers are hosted in the internal data center anyway. Also, if the server handles SSL processing, you will need to have certificates for all nodes. Certificates are issued per machine, and it may get painful when you scale out.
The above note is my personal preference and I am open to discussion. Please let me know if you have different perspectives.
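As an added example (not part of the original post or its attachment), here is what the LB-side "SSL termination" described above looks like with nginx as the load balancer: TLS is terminated at nginx, and the hop to the Tomcat nodes is plain HTTP. The hostname pega.example.com, the upstream node names, and the certificate paths are assumptions.

```nginx
# Added example: TLS termination at the load balancer (nginx) in front of Pega on Tomcat.
# Assumed names: pega-node1/pega-node2 are the Tomcat nodes; certificate paths are placeholders.
upstream pega_tomcat {
    server pega-node1.internal:8080;   # Tomcat HTTP connector, no TLS on the nodes
    server pega-node2.internal:8080;
}

# Redirect any plain-HTTP client request to HTTPS.
server {
    listen 80;
    server_name pega.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name pega.example.com;

    # One certificate for the public hostname, held only on the LB.
    ssl_certificate     /etc/nginx/tls/pega.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/pega.example.com.key;   # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://pega_tomcat;   # unencrypted LB-to-server hop, inside the data center
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Let Tomcat know the client connection was HTTPS even though this hop is HTTP.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port  443;
    }
}
```

Because the LB-to-Tomcat hop is plain HTTP, Tomcat still needs to be told that the original request was HTTPS (for secure cookies and correct redirect URLs); Tomcat's RemoteIpValve with protocolHeader="X-Forwarded-Proto" consumes the header set above.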