J06.17 Release Version Update Compendium

8 Networking Products
iTP Secure WebServer 7.5
These features are added for this release:
Support for encrypting exported keys and importing already encrypted keys
The keyadmin and dbmigrate utilities now support exporting the keys stored in the key
database in encrypted PKCS#8 format. The keys are encoded in either PEM or DER format and
then encrypted using one of the AES256, AES192, AES128, or 3DES encryption methods. The
default encryption method is AES256. The default encoding is PEM.
The keyadmin utility also supports importing already encrypted keys into the key database
after decrypting them. The supported encoding and encrypting algorithms are the same for
importing and exporting operations.
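A check that can be run on an exported key file before it is moved or imported, added here as an illustration (it is not part of the release notes or of keyadmin): it reads the PKCS#8 structure and reports the encoding and the cipher. It assumes the export uses PBES2-style encryption; the function names and the zero-filled sample key are constructed for the example.

```python
import base64, re

# DER-encoded OIDs. The four ciphers are the methods the release note lists.
PBES2 = bytes.fromhex("2a864886f70d01050d")                 # 1.2.840.113549.1.5.13
PBKDF2 = bytes.fromhex("2a864886f70d01050c")                # 1.2.840.113549.1.5.12
CIPHERS = {bytes.fromhex("6086480165030401" + last): name   # AES-CBC OIDs
           for last, name in (("2a", "AES256"), ("16", "AES192"), ("02", "AES128"))}
CIPHERS[bytes.fromhex("2a864886f70d0307")] = "3DES"         # des-ede3-cbc

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify(data: bytes) -> str:
    """Report encoding and encryption of a private-key file's contents."""
    m = re.search(rb"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", data, re.S)
    enc, der = ("PEM", base64.b64decode(m.group(2))) if m else ("DER", data)
    _, p, _ = tlv(der, 0)                         # outer SEQUENCE
    tag, p, _ = tlv(der, p)                       # first element
    if tag != 0x30:                               # INTEGER version => plaintext key
        return f"{enc}: NOT encrypted"
    _, s, e = tlv(der, p)                         # encryptionAlgorithm OID
    if der[s:e] != PBES2:
        return f"{enc}: encrypted, scheme other than PBES2"
    _, p, _ = tlv(der, e)                         # PBES2-params
    _, _, kdf_end = tlv(der, p)                   # keyDerivationFunc, skipped
    _, p, _ = tlv(der, kdf_end)                   # encryptionScheme
    _, s, e = tlv(der, p)                         # cipher OID
    return f"{enc}: encrypted PKCS#8, {CIPHERS.get(der[s:e], 'unlisted cipher')}"

def wrap(tag, *parts):                            # DER TLV, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_key(cipher_oid: bytes) -> bytes:
    """Constructed EncryptedPrivateKeyInfo: zero salt, IV and ciphertext."""
    kdf = wrap(0x30, wrap(6, PBKDF2), wrap(0x30, wrap(4, bytes(8)), wrap(2, b"\x08\x00")))
    scheme = wrap(0x30, wrap(6, cipher_oid), wrap(4, bytes(16)))
    alg = wrap(0x30, wrap(6, PBES2), wrap(0x30, kdf, scheme))
    return wrap(0x30, alg, wrap(4, bytes(32)))

if __name__ == "__main__":
    print(classify(sample_key(bytes.fromhex("60864801650304012a"))))
```

A result of "NOT encrypted" on a file that was meant to be an encrypted export means the key material is readable as stored.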
Support for new hashing algorithms
A higher level of security is provided through support for the SHA256 hashing algorithm. The
AcceptSecureTransport directive supports a new option, hashAlgorithm. With this option, you
can specify the list of hashing algorithms to be supported in the iTP Secure WebServer
configuration.
Online update of individual SERVERCLASS configuration
The restart option allows you to specify the name of the SERVERCLASS to be restarted without
impacting the hypertext transfer protocol daemon (httpd) or other application SERVERCLASSES.
You can restart one SERVERCLASS at a time. This feature is useful, for example, when a
configuration change of a SERVERCLASS requires it to be restarted. Using this feature ensures
that other SERVERCLASSES are not affected.
Instead of repeatedly executing a command to restart each SERVERCLASS, you can use the
new script, updatesc, which is present in the conf directory. This script allows you to specify
the list of SERVERCLASSES that must be restarted. Specify the names of the SERVERCLASSES
with space as the delimiter.
Support to limit the content length of HTTP POST request
The MaxPostRequestSize directive allows you to limit the content length of any HTTP POST
request. You can use either of the following methods to specify this directive:
- As a directive in the httpd configuration file: the limit applies to all HTTP POST
  requests received by the iTP Secure WebServer.
- As a command in the Region directive: the limit applies only to HTTP POST requests
  received by the iTP Secure WebServer for a specific region.
Support for separate database files for different certificates
You can specify a database that contains only the trusted client root certificates and the
certificates required to verify client certificates during client authentication. iTP Secure
WebServer reads:
- The server certificate chain from the key database file specified with the
  ClientCADatabase directive.
- Trusted client root certificates from the key database file specified with the new optional
  directive ClientCADatabase. Add the root certificate of the client certificate chain to this
  database for verifying the client certificate during client authentication.
If the ClientCADatabase directive is not configured, the behavior of iTP Secure
WebServer 7.5 is the same as in older versions.