iTP Secure WebServer System Administrators Guide (Version 7.5+)
With LNP configured, iTP Secure WebServer can bind and listen on multiple TCPIPv6 transports
and servers across multiple networks. Additionally, when LNP is configured over TCP/IPv6, iTP
Secure WebServer can listen on all combinations of IP and port from the list of configured
combinations provided by the user. For using LNP feature of iTP Secure WebServer it is necessary
that LNP be properly configured on the system.
A typical configuration for enabling iTP Secure WebServer to work with LNP requires a proper
system-level TCP/IPv6 LNP configuration and proper changes in the iTP Secure WebServer's
configuration file (multiple Accept directives). For example, if there are four TCP/IPv6 transport
processes, namely $ZSAM0, $ZSAM1, $ZSAM2, $ZSAM3, running on a system configured on four
different IP addresses, then iTP Secure WebServer's configuration file must specify the following:
Accept -transport /G/ZSAM0 -port 80 -address 172.31.24.12
Accept -transport /G/ZSAM1 -port 80 -address 172.31.24.13
Accept -transport /G/ZSAM2 -port 80 -address 172.31.24.14
Accept -transport /G/ZSAM3 -port 80 -address 172.31.24.15
It is noteworthy that in this case, it becomes mandatory to mention address and port attribute
for each of the Accept directives. However, the order of the Accept directives is not relevant in
this case.
Generate Diffie-Hellman Parameters
The setup script prompts for the Diffie-Hellman key-exchange parameters generation.
If you wish to use Diffie-Hellman key-exchange method, it is recommended
that you generate Diffie-Hellman parameters. If these parameters are
not generated iTP WebServer will use default parameters.
Do you wish to generate Diffie-Hellman parameters? Type y/n (Default:
y) #:
If answered with y, setup creates Diffie-Hellman parameters with parameter size 1024. The
parameters are stored in the file dh_params in webserver’s conf directory. If answered with n,
setup does not create these parameters and gives warning.
iTP WebServer now use default parameters for Diffie-Hellman key-exchange.
It is recommended that you create a parameter file with the help of
keyadmin utility.
Setup for IP CIP Support
In addition to scanning for conventional TCP/IP processes and TCP/IPv6, the setup script checks
for the presence of CIPSAM processes on the target system and prompts for your response. Following
are some examples of the interaction:
If you wish to use IP CLIM as your underlying transport services, you need only one CIPSAM (CIP Socket Access
Method) process. Therefore, the following lookup process will only list the first one it encounters.
If you wish to use a CIPSAM process other than the first one in the list, please follow the manual configuration
procedures.
Do you wish to use ONLY IP CLIM as your transport services?
Type y/n (Default: n) #:
You can use the conventional TCP/IP support, the IP CIP support, or both. If you want to use both
versions of support (for a non-iTP Secure WebServer reason) you will not be able to use the
Auto-Accept feature from the iTP Secure WebServer; this results in low performance improvement.
The sample script continues as if you had replied Yes to the IP CIP query by displaying a menu.
In the following example, the script finds a CIPSAM process ($CSAM) running; and hence, enables
you to continue with the configuration.
1) Skip configuring iTP WebServer (i.e., configuration exists)
2) Auto-configure iTP WebServer
Defaults:
TCP/IP process: /G/CSAM
TCP/IP Port: 80
Installing and Configuring the iTP Secure WebServer 43