iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

201

202

203

204

205

206

207

208

209

210

-cert cert-name

Use the -cert argument to specify the distinguished name (cert-name) of the certificate to be

used for TLS or SSL requests associated with the virtual host. The Distinguished Name must match

the name in the key database file.

The -cert argument is required.

-address server-addr

Use the -address argument to configure the server to accept connections on a specified address

(server-addr). The address you specify can be either a numeric IP address or a valid name or

alias registered with the Domain Name Server (DNS). If no -address argument is specified, the

iTP Secure WebServer accepts connections on all IP addresses currently valid for the iTP Secure

WebServer machine.

The following examples configure the httpd process to receive messages on any IPv4 or IPv6

address associated with the process $ZTC0, to use a specified IPv4 or IPv6 address with the process

$ZTC1, and to use the IP address bound to the DNS name www.goblet.com with the process

$ZTC2:

-transport /G/ZTC0 -cert DN

-transport /G/ZTC0 -address :: -cert DN

-transport /G/ZTC1 -address 120.1.2.13 -cert DN

-transport /G/ZTC1 -address fe80::ffff:abcd:1 -cert DN

-transport /G/ZTC2 -address www.goblet.com -cert DN

If server-addr is not an IP address associated with the TCP/IP process name in the TCP/IP

configuration, an error is reported during httpd process startup. The error message reports that the

server cannot bind to the combination of TCP/IP process name, IP address, and port (as specified

in the -port argument).

If server-addr is specified in DNS format, an attempt is made to bind to each IP address to

which the DNS name maps. Bindings that fail because the address is not available are ignored.

All successful binds are kept. If no binds are successful, an error is reported and the httpd process

does not start.

For the DNS format to be used, the address-resolved file, $SYSTEM.ZTCPIP.RESCONF for IPv4

addresses and $SYSTEM.ZTCPIP.IPNODES for IPv6 addresses, must be set up and contain the

correct IP addresses for the name servers.

-ciphers list-of-ciphers

Use the -ciphers argument to specify a Tcl list of ciphers. The iTP Secure WebServer uses the

bulk encryption algorithms described by this list. The ciphers available for encryption include:

Table 29 List of Ciphers for AcceptSecureTransport

Cipher-codeCipher

AES_256_CBCAES-256

AES_128_CBCAES-128

CAMELLIA_256_CBCCamellia-256

CAMELLIA_128_CBCCamellia-128

RC4_128RC4-128(ARC4-128)

3DES_CBCTriple DES

Except for RC4, each of these ciphers is operated in the cipher block chaining (CBC) mode, which

alters the block of data before encrypting.

Table 30 (page 202) lists the cipher-hashing algorithm pairs supported in iTP Secure WebServer.

AcceptSecureTransport 201