Hi fmoro,
SSL/TLS may be the most popular protocol for encrypted communication on the Internet, but there are some other protocols such as SSH (Secure Shell).
CA SSO Policy Server and Agents are using our proprietary protocol based on symmetric key encryption.
Let me try answering your questions.
> I saw at different times the mandatory task of inserting a certificate on Apache to contact the backend. This means that SSL is enabled.
It seems the certificate is used for SSL communication between Apache proxy module and the backend server which is SAP AS in your case.
> But, reading "The communication between Policy Servers and Web Agents is not either HTTPS or LDAPS"... this means that SSL is not present from Webserver to Policy Server?
Correct. The Policy Server is listening for TCP connections from agents on ports 44441, 44442 and 44443 by default. SSL/TLS isn't accepted by these ports.
> And to complete the use case: we have policy server needs to talk to SAP AS. In this case, can we use SSL?
Do you mean the Agent for SAP AS? It doesn't use SSL/TLS either. SSL/TLS can be used between Apache and SAP AS, but we don't use SSL/TLS between the Agent for SAP AS and the Policy Server.
Regards,
Seiji
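
One way to check this on your own deployment, as an added example that is not part of the original reply or of any CA tooling: the sketch below opens a TCP connection to each default agent port quoted above and attempts a TLS handshake, reporting whether the listener answers it. The function names `probe_tls` and `survey` are hypothetical, and the Policy Server host name is an argument you supply.

```python
import socket
import ssl
import sys

# Default agent ports quoted in the reply above.
DEFAULT_AGENT_PORTS = (44441, 44442, 44443)


def probe_tls(host, port, timeout=3.0):
    """Classify one TCP port as 'closed', 'tcp-no-tls' or 'tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, filtered or unreachable: nothing is listening for us.
        return "closed"
    # Certificate checks are disabled on purpose: the only question here is
    # whether the listener answers a ClientHello, not whom it claims to be.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with raw:
            with ctx.wrap_socket(raw):
                return "tls"
    except OSError:
        # ssl.SSLError, resets and handshake timeouts are all OSError
        # subclasses: the port accepted TCP but did not complete TLS.
        return "tcp-no-tls"


def survey(host, ports=DEFAULT_AGENT_PORTS, timeout=3.0):
    """Probe every port and return {port: classification}."""
    return {port: probe_tls(host, port, timeout) for port in ports}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <policy-server-host>")
    for port, state in survey(sys.argv[1]).items():
        print(f"{sys.argv[1]}:{port} -> {state}")
```

A result of `tcp-no-tls` on these ports is the expected state described above, so a scanner finding of "no TLS" there reflects the proprietary agent protocol rather than a misconfigured certificate.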