PC-Duo Host User Guide

TLS Certificate Authentication

Starting in v13.4, the Gateway server presents its SSL (TLS) certificate to Hosts, and this replaces the deprecated shared-secret and Windows Authentication security relationships between Host and Gateway. This scheme is called the “TLS Certificate” security model. Compared with the previous relationships, it provides the following features and benefits:

•     On first connection, the Host requires the Gateway to present a trusted SSL certificate whose name matches the Gateway name the Host was configured to report to. This check applies to ALL protocols, including the TCP and UDP transports commonly used on a LAN.

•     The new scheme trusts the Gateway Server completely and does not allow GWS rights to be restricted on the Host. This may appear to be a loss of functionality, but it removes the ambiguity of whether a restriction is actually in effect. Trust in SSL certificates is a globally accepted security mechanism (it is what makes online banking possible), and while it differs from the security provided by Windows Authentication, it is considered equivalent for these purposes.

•     As long as the GWS can present a trusted SSL certificate to the Host, the Host accepts the connection. If the certificate expires or is invalidated, it can be replaced server-side with a valid, trusted certificate without changing anything at the Host. Because the Host accepts any trusted certificate for its configured Gateway name, the set of certificate authorities the Host trusts and the Gateway name it is configured to report to are what the trust relationship rests on, and both should be managed deliberately.
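The following is an added example, not PC-Duo's own code, showing the Host-side decision the first and third bullets describe: the Gateway must present a certificate that chains to a trusted root, carries the name the Host was configured to report to, and is within its validity period. Chain building is delegated to Python's ssl module; the name match (SAN dNSName entries, falling back to the subject CN, with a single left-most wildcard label) and the validity check are implemented on the dict shape returned by ssl.SSLSocket.getpeercert(). The certificate, the name gateway.example.test and the function names are constructed for this example; the UDP transport mentioned in the text is not modelled.

```python
"""Host-side trust decision for a Gateway certificate (added example)."""
import socket
import ssl
from datetime import datetime, timezone


def host_ssl_context(ca_file=None):
    """Context a Host would use: verify the chain and the name, no client certificate.
    ca_file=None means the platform's default trusted root store."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _dns_name_match(pattern, name):
    """RFC 6125-style match: '*' is only allowed as the entire left-most label."""
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if pattern == name:
        return True
    p_labels, n_labels = pattern.split("."), name.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(n_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == n_labels[1:]


def certificate_names(cert):
    """Names the certificate claims: SAN dNSName entries, else the subject CN."""
    sans = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []


def name_matches(cert, configured_name):
    """Does the certificate carry the Gateway name the Host was configured with?"""
    return any(_dns_name_match(n, configured_name) for n in certificate_names(cert))


def within_validity(cert, now):
    """notBefore/notAfter are OpenSSL date strings; compare as UTC instants."""
    not_before = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return not_before <= now <= not_after


def host_accepts(cert, configured_name, now):
    """Decision after the TLS stack has already verified the chain to a trusted root."""
    return name_matches(cert, configured_name) and within_validity(cert, now)


def utc(year, month, day):
    """Convenience constructor for a UTC instant used as 'now'."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def connect_as_host(gateway_name, port, ca_file=None):
    """Live handshake; wrap_socket already enforces chain and name, host_accepts re-checks
    name and validity on the returned certificate so the decision is explicit."""
    ctx = host_ssl_context(ca_file)
    with socket.create_connection((gateway_name, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=gateway_name) as tls:
            return host_accepts(tls.getpeercert(), gateway_name, datetime.now(timezone.utc))


# Constructed sample in the shape getpeercert() returns (not a real Gateway certificate).
GATEWAY_CERT = {
    "subject": ((("commonName", "gateway.example.test"),),),
    "subjectAltName": (("DNS", "gateway.example.test"), ("DNS", "*.remote.example.test")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
}

if __name__ == "__main__":
    print("accepted in 2025:", host_accepts(GATEWAY_CERT, "gateway.example.test", utc(2025, 6, 1)))
    print("accepted in 2026:", host_accepts(GATEWAY_CERT, "gateway.example.test", utc(2026, 1, 1)))
    print("wrong name:", host_accepts(GATEWAY_CERT, "other.example.test", utc(2025, 6, 1)))
```

The expired case is the one the third bullet addresses: the Host rejects the old certificate, and installing a new trusted certificate for the same name on the Gateway makes the same Host configuration accept again, with nothing changed on the Host.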