What is the Certificate Trust Chain Used to Sign Client Archives for Secure Global Desktop ? (Doc ID 1663901.1)

Last updated on OCTOBER 26, 2016

Applies to:

Oracle Secure Global Desktop - Version 5.1 to 5.2 [Release 5.0]
Information in this document applies to any platform.

Goal

A security-focused Secure Global Desktop (SGD) customer with tightly administered client machines would like to tightly constrain the list of pre-approved root Certificate Authorities (CAs) in their browser and Java trust store:  only specifically approved CAs will remain enabled. 

To facilitate this, the Administrator would like to verify the minimum list of approved root CAs to be provisioned to locked down clients that will allow Secure Global Desktop to work as expected.

This is an extremely site-specific requirement, and should not be necessary for most SGD customers.

Note: This advice outlined makes no provision for the CA used to generate X.509 / SSL certificates that may be used to encrypt client / server connections--this document is specific to the client archives that have been signed by Oracle to guarantee authenticity. Administrators looking for details on securing traffic between client and server are advised to review the Secure Global Desktop Security Guide for further information on that procedure.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms