iTP Secure WebServer System Administrators Guide (Version 7.5+)

Overview of Server Configuration
This section provides an overview of the tasks involved in configuring the server to accept and
respond to secure transport requests (both TLS and SSL). The server can be configured using the
following methods:
“Keyadmin Utility Configuration” (page 54)
“Server Configuration” (page 54)
Keyadmin Utility Configuration
The process for using the keyadmin utility to configure the server for secure transport includes
these steps:
1. Generate a public/private key pair for the server, as described in “Using the Keyadmin Utility
to Manage Keys and Certificates” (page 56). The keyadmin utility creates the key pair and
stores it in the key database file you specify.
If you are creating a new key database file, the password you specify is used to encrypt the
data in the key database file. You must remember this password: the server needs it later to
decrypt the key database (see the ServerPassword directive), and the file cannot be read without it.
2. Create the certificate request, as described in “Creating a Certificate Request” (page 58).
3. Make a backup of both the key database file and the certificate request. The key database
backup contains the server's private key, so protect it as carefully as the original.
4. Obtain a certificate for the public key part of the pair from a Certificate Authority (CA) by
e-mailing the certificate-request file to the CA. This procedure is described in “Requesting a
Certificate” (page 59).
5. Store the resulting public key certificate in the key database file by using the keyadmin utility.
6. Make a new backup copy of the key database file once the certificate has been added. Also,
make a backup of the certificate itself.
7. To use the Diffie-Hellman key-exchange method, generate Diffie-Hellman key-exchange
parameters of the desired size and store them under the file name of your choice.
Server Configuration
After you have used the keyadmin utility for server configuration, complete the server configuration
by following these steps:
1. Specify the path name of the key database file by using the KeyDatabase configuration
directive. See “KeyDatabase” (page 217) for information about using this directive.
2. Specify the password for decrypting the key database file.
Using the ServerPassword directive, specify the password the server will use to decrypt the
data in the key database file. You can arrange for this password to be obtained by:
Specifying it directly in the configuration file.
Reading it from a different file.
For an example of specifying the encryption password, see “ServerPassword” (page 252).
The password specified by the ServerPassword directive must agree with the password used
to encrypt the key database file, as specified through the keyadmin utility.
3. Enable the server to use TLS or SSL.
Use the AcceptSecureTransport configuration directive to configure the server to listen
for TLS or SSL connections. You must specify the DN of the certificate to use for the server by
using the -cert option. In addition, you can specify these parameters:
Transport name
Host name, address, and port to use
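The three directives above turn the configuration file, the key database and any separate
password file into secrets that must agree with each other and be readable only by the server's
account. The following added example, which is not part of this guide or of the iTP WebServer
product, audits a configuration file for exactly those conditions: it checks that KeyDatabase
points at an existing owner-only file, that ServerPassword is present and that whichever file
holds the password (the configuration file itself when the password is inline, or the referenced
file otherwise) is not group- or world-readable, and that every AcceptSecureTransport line carries
a non-empty -cert {DN}. The directive names come from the text; the option spellings
(-cert {DN}, -port, and the ServerPassword -file PATH form) and the sample configuration tree
built by build_demo are assumptions made for the example.

```python
"""Audit an httpd.config-style file for the KeyDatabase, ServerPassword and
AcceptSecureTransport directives. Added example, not product code; the
option syntax (-cert {DN}, ServerPassword -file PATH) is an assumption."""
import os
import re
import stat
import tempfile

_WEAK_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group or other permission bit
_DIRECTIVES = ("KeyDatabase", "ServerPassword", "AcceptSecureTransport")


def _perm_findings(label, path):
    """Report a missing file, or one that group/other can access."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return [f"{label}: {path} does not exist"]
    if mode & _WEAK_BITS:
        return [f"{label}: {path} is mode {stat.S_IMODE(mode):04o}; restrict to owner only (0600)"]
    return []


def parse_directives(text):
    """Return {directive: [argument strings]}, ignoring comments and unrelated lines."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if parts and parts[0] in _DIRECTIVES:
            found.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return found


def audit_config(config_path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    with open(config_path) as fh:
        directives = parse_directives(fh.read())
    base = os.path.dirname(os.path.abspath(config_path))

    def resolve(p):  # relative paths are taken relative to the config file
        return p if os.path.isabs(p) else os.path.join(base, p)

    # 1. KeyDatabase holds the private key: it must exist and be owner-only.
    kdb = directives.get("KeyDatabase")
    if not kdb:
        findings.append("KeyDatabase: directive missing")
    else:
        findings += _perm_findings("KeyDatabase", resolve(kdb[-1].strip()))

    # 2. ServerPassword: an inline value makes the config file itself a secret;
    #    '-file PATH' (assumed syntax) makes the referenced file the secret.
    spw = directives.get("ServerPassword")
    if not spw:
        findings.append("ServerPassword: directive missing")
    else:
        arg = spw[-1].strip()
        m = re.match(r"-file\s+(\S+)", arg)
        if m:
            findings += _perm_findings("ServerPassword file", resolve(m.group(1)))
        elif arg:
            findings += _perm_findings("ServerPassword is inline, so the config file", config_path)
        else:
            findings.append("ServerPassword: no value given")

    # 3. Every AcceptSecureTransport line must name the server certificate via -cert {DN}.
    ast = directives.get("AcceptSecureTransport")
    if not ast:
        findings.append("AcceptSecureTransport: directive missing; server will not accept TLS/SSL")
    for arg in ast or []:
        m = re.search(r"-cert\s+\{([^}]*)\}", arg)
        if not m or not m.group(1).strip():
            findings.append(f"AcceptSecureTransport: -cert {{DN}} missing or empty in: {arg}")
    return findings


def build_demo(inline_password, config_mode):
    """Build a constructed sample tree (empty key database, config, optional
    password file) in a temp dir and return the config path. Test data only."""
    d = tempfile.mkdtemp()
    keydb = os.path.join(d, "keys")
    open(keydb, "w").close()
    os.chmod(keydb, 0o600)
    if inline_password:
        pw_line = "ServerPassword hunter2"
    else:
        pwfile = os.path.join(d, "keydb.pwd")
        with open(pwfile, "w") as fh:
            fh.write("hunter2\n")
        os.chmod(pwfile, 0o600)
        pw_line = f"ServerPassword -file {pwfile}"
    cfg = os.path.join(d, "httpd.config")
    with open(cfg, "w") as fh:
        fh.write("# constructed sample configuration\n"
                 f"KeyDatabase {keydb}\n{pw_line}\n"
                 "AcceptSecureTransport -cert {CN=www.example.com,O=Example,C=US} -port 443\n")
    os.chmod(cfg, config_mode)
    return cfg


if __name__ == "__main__":
    print("inline password, config 0644:", audit_config(build_demo(True, 0o644)))
    print("password in 0600 file       :", audit_config(build_demo(False, 0o644)))
```

Run it once against a world-readable configuration holding an inline ServerPassword and the
audit reports the configuration file itself; move the password to a 0600 file (or chmod the
configuration file) and the findings list is empty. The one thing the audit cannot verify is that
the ServerPassword value actually decrypts the key database; that check still needs the keyadmin
utility and the password you recorded in step 1.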
54 Configuring for Secure Transport