HTTPS/SSL certificates

When a grid client connects to the grid using HTTPS, the default behavior is server authentication only. The server (that is, the grid host) authenticates to the client using the SSL certificate in the HTTPS identity configured on the router that is accessed. In order for this authentication to work, the client must trust the signer of this certificate, which is either the grid root certificate or an external CA.

The SSL certificates in the HTTPS identities are used by the routers in the grid (the routers are the HTTPS endpoints). By configuring different HTTPS identities for routers on the same host it is possible to have different SSL certificates on different routers on the same host. The default host identity can be used for internal access, and another identity can be created for access via a load balancer.

It is recommended to have the client browser either trust the grid root certificate, or use SSL certificates signed by a CA already trusted by the client browsers. For more information, see Grid-signed vs. CA-signed certificates.