HP e-Commerce / XML director server appliance sa8250 - Users Guide
Chapter 2: SSL Fundamentals
39
Fulfillment of each virtual service is load balanced across a number
of real servers depending on the load balancing algorithm chosen.
Servers capable of fulfilling requests for a service are identified and
managed with the following commands:
config policygroup <name> service <name> server create <name> port <port>
config policygroup <name> service <name> server delete <name> port <port>
If you make an error while creating the policygroup, you must delete
it and create a new policygroup.
Client Authentication
By default, the SA8250 does not authenticate client identities;
however, you can configure services to request client certificates for
the purpose of verifying identities. When you enable this feature, the
SA8250 verifies that client certificates are signed by a known
Certificate Authority (CA).
Issued client certificates are normally expected to remain in use for
their entire validity period; a certificate that must be withdrawn
early is revoked by its CA. The CA periodically issues a signed data
structure, called a Certificate Revocation List (CRL), containing the
serial numbers of the certificates it has revoked. You can configure
the SA8250 to obtain and use a CRL over the LDAP, HTTP, or FTP
protocol. The SA8250 first verifies a client certificate against the
installed CA certificate, and then looks up its serial number in the
installed CRL. If the serial number exists in the CRL, the SA8250
returns a message to the client indicating that the client’s
certificate was revoked, and the client connection is terminated.
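The two-step check described above (chain the client certificate to the installed CA, then look its serial number up in the CRL), as an added Go example built only on the standard library; it is not the appliance's own code, and the CA name, client names and serial numbers are constructed test values. It goes one step beyond the text by also refusing a CRL that the installed CA did not sign or that is past its NextUpdate, since a CRL fetched over LDAP, HTTP or FTP is only as trustworthy as its signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// Issue returns a constructed certificate and its key: a self-signed CA when parent is nil, otherwise a client certificate.
func Issue(name string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil { // self-signed root that may sign both certificates and CRLs
		parent, signer = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// IssueCRL publishes a CA-signed CRL that lists one revoked serial number (constructed, like a CA's periodic CRL).
func IssueCRL(ca *x509.Certificate, caKey ed25519.PrivateKey, revoked int64) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revoked), RevocationTime: time.Now()}}}
	der, _ := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	crl, _ := x509.ParseRevocationList(der)
	return crl
}
// VerifyClient follows the guide's order: chain the certificate to the installed CA, then look its serial up in the CRL.
func VerifyClient(client, ca *x509.Certificate, crl *x509.RevocationList) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := client.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err // not issued by the installed CA (or outside its validity): rejected before any CRL lookup
	}
	// Only consult a CRL the CA actually signed and that is not past its NextUpdate.
	if err := crl.CheckSignatureFrom(ca); err != nil || time.Now().After(crl.NextUpdate) {
		return errors.New("CRL rejected: not signed by the installed CA or stale")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(client.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	return nil
}
```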