Central systems, such as load balancer, that are responsible for communication between client and server are often the target of attacks from the Internet. To close current and known security gaps, several measures are conceivable. They are briefly described and discussed here.
Always keep your operating system updated. Run necessary security updates on a regular basis.
Always keep your product installation updated. Regularly check if new fixes are available for your installation and install them.
Do not use a self-signed certificate for load balancer, instead let your keystore sign it by an auhorized institution.
To close the so-called "Logjam" security gap you need to generate a so-called "Diffie-Hellman" group for load balancer. To do so, proceed as follows:
Switch to the directory <installation directory>\server\bin\agentLocalRepo\.unpacked\httpd-run-prod-<version>-runnable.zip\httpd\bin. Replace <installation directory> with the path to your PPM installation and <version> with the version installed on your machine.
Open a command line and enter the following command:
openssl dhparam -out dhparams.pem 2048
This generates a user-defined DH group in a file called dhparams.pem in the same directory.
Now you need to attach the contents of this file to the SSL certificate of the server in the following directory.