By: Ramkumar Chandrasekaran user 05 May 2017 at 4:35 p.m. CDT

3 Responses
We understand that Gluu works only on port 443. But internally these components are hosted in non-SSL ports:

- 8081 OxAuth Server
- 8082 OxTrust Server
- 8084 Asimba
- 8086 IDP

Is there a road map to make the above 3 components host on SSL ports? In our environment, we plan to host all components in SSL mode.

Thanks,
Ramkumar.C

By Aliaksandr Samuseu staff 05 May 2017 at 7:32 p.m. CDT

Hi, Ramkumar

> But internally these components are hosted in non-SSL ports:-
> 8081 OxAuth Server 8082 OxTrust Server 8084 Asimba 8086 IDP

That's correct, but they also listen on the loopback interface:

```
tcp6 0 0 127.0.0.1:8081 :::* LISTEN 89448/java
tcp6 0 0 127.0.0.1:8082 :::* LISTEN 32558/java
tcp6 0 0 127.0.0.1:8084 :::* LISTEN 72002/java
tcp6 0 0 127.0.0.1:8085 :::* LISTEN 71707/java
tcp6 0 0 127.0.0.1:8086 :::* LISTEN 70803/java
```

So, unless you are planning to implement some quite complex setup with the front-end web server (Apache by default) running on a host different from the one where the core components run, it shouldn't be a big issue: they cannot be easily contacted from outside, and using SSL there will add some overhead and will probably be overkill.

If, on the contrary, you are planning to use some non-standard setup, this may already go beyond the scope of free community support. I remember a few of our bigger customers/partners have tried complex setups involving distribution of Gluu's components over multiple hosts, reverse proxies, clusters and LBs, but those were very situation-dependent and I'm not sure we can provide details on those "as is", due to privacy issues. In general, in such cases we recommend getting a helping hand from our partners dealing with system integrations, as it's not that directly related to the identity management field; it's more of a system administration and architecture issue.

It's a different case if you are interested in buying a paid support plan, though. Depending on the complexity of your intended setup, we could even be able to provide some solution using our internal resources and past experience in similar cases. But it assumes a huge time and effort investment from our side, so it can't be free. I also saw your other tickets, and it seems you have a set of challenging tasks at hand, so I guess you could benefit from some guaranteed first-hand support.

But in any case, you could describe your intended setup in more detail; the clearer the picture we have, the better the chances that you will get good advice on possible options. Your description is too sketchy at the moment. If a paid support plan seems like an option to you, you could even book a call to discuss your projects, terms and the extent of involvement we can offer.

By Aliaksandr Samuseu staff 05 May 2017 at 7:43 p.m. CDT

To be honest, this part:

> Is there a road map to make the above 3 components host on SSL ports? In our environment, we plan to host all components in SSL mode.

...seems to me like a quite straightforward part, a regular system administration task. You should check Apache's and Jetty's documentation and try to experiment a bit; maybe it's not as complex as it seems (with so little detail I can't say how complex it is, in fact).

By Michael Schwartz Account Admin 07 May 2017 at 11:57 a.m. CDT

It is not required to run SSL, because these are local services, and the server will use sockets to communicate. Secure communication is only required if you traverse a network. If you are deploying the services on different servers, where a network connection is required, you can front-end each service with an Apache or nginx server, and manage SSL between the Apache proxy and the service as normal.
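
The replies above rest on the backend ports being bound to loopback only. The script below is an added example (not part of the thread and not Gluu tooling) that checks this from `netstat -tln` or `ss -tln` output; the function name, the port list variable and the sample lines are assumptions built from the ports named in this thread.

```shell
#!/bin/sh
# Added example, not Gluu tooling. Ports are the ones named in this thread.
GLUU_PORTS="8081 8082 8084 8085 8086"

# Reads `netstat -tln` or `ss -tln` lines on stdin (local address in column 4)
# and prints "<port> OK", "<port> EXPOSED <addr>" or "<port> NOT-LISTENING".
# Returns 1 if any listed port is bound to a non-loopback address.
audit_listeners() {
    awk -v ports="$GLUU_PORTS" '
        BEGIN { n = split(ports, want, " ") }
        /LISTEN/ {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            # Loopback forms: 127.x, ::ffff:127.x, ::1 (ss prints [::1])
            if (addr ~ /^\[?(::ffff:)?127\./ || addr == "::1" || addr == "[::1]") {
                if (!(port in state)) state[port] = "OK"
            } else {
                state[port] = "EXPOSED " addr      # wildcard or routable bind
            }
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in state)) state[p] = "NOT-LISTENING"
                if (state[p] ~ /^EXPOSED/) rc = 1
                print p, state[p]
            }
            exit rc
        }
    '
}

# Constructed sample: 8082 is bound to the IPv6 wildcard, 8084 is not running,
# and the last line is in ss format rather than netstat format.
SAMPLE='tcp6 0 0 127.0.0.1:8081 :::* LISTEN 1001/java
tcp6 0 0 :::8082 :::* LISTEN 1002/java
tcp6 0 0 127.0.0.1:8085 :::* LISTEN 1005/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd
LISTEN 0 50 [::1]:8086 [::]:*'

# Live use on the Gluu host: netstat -tln | audit_listeners
```

A non-zero exit means at least one backend port is bound beyond loopback, which is the case where Michael Schwartz's point about traversing a network applies.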