iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator’s Guide—522659-001
The iTP Secure WebServer’s SSL 3.0 protocol using WebSafe2 encryption allows you to
send and receive certificate chains to and from the iTP Secure WebServer. For
information about sending and receiving certificate chains, see How to Use Server
Certificate Chains With WebSafe2 Encryption on page 5-16.
The Secure Configuration Terminal (SCT)
The SCT is a handheld device whose menu-driven interface is used to define key values,
send keys to the WISP, and perform configuration and utilities functions for the WISP.
When a power supply and an adapter are attached to the SCT, the SCT can define keys
and passwords without being connected to the WISP, store them, then send them to the
WISP when connected to it.
The WebSafe2 Interface Driver (WID)
To use a WISP, you must install the WID software, which provides an interface between
the WISP and the iTP Secure WebServer. The WID is a NonStop TS/MP server class
that you can run in the iTP Secure WebServer PATHMON environment or in any other
PATHMON environment on the same NonStop system.
A WID process uses only one WISP. To use multiple WISPs concurrently, you can define
multiple processes in the WID server class. Here are a few guidelines for defining the
right number of servers in the WID server class:
• Define a number of static servers (Numstatic) equal to the average number of
  concurrent SSL sessions. The values of the Maxlinks and Linkdepth attributes of the
  server class must be 1.
• Define a maximum number of servers (Maxservers) no greater than the maximum
  number of connections for all WISPs (currently 14 on each WISP).
• Define a number of httpd (WebServer) processes at least equal to the number of
  processes in the WID server class.
If there are multiple WISPs in the configuration and only one WID server, the WID uses
them in the order they are referred to in the configuration; if a WISP in use fails, the WID
can use the next one in the configuration.
The number of WISPs need not be as great as the number of WID processes: multiple
WID processes can use the same WISP.
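The sizing guidelines above can be checked mechanically before a server class is changed. The following Python sketch is an added example, not code from this guide or from the product; the "Name value" input notation, the function names, and the sample values are assumptions made for illustration and do not reproduce PATHCOM or WebServer configuration syntax. It also reports the case where the guidelines cannot all be met with the WISPs available.

```python
import re

WISP_MAX_CONNECTIONS = 14  # per-WISP connection limit stated in the guide

def parse_attrs(text):
    """Parse 'Name value' lines (constructed notation) into a dict of ints."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\d+)\s*$", line)
        if m:
            attrs[m.group(1).lower()] = int(m.group(2))
    return attrs

def check_wid_sizing(attrs, avg_ssl_sessions, wisp_count, httpd_processes):
    """Return guideline violations as strings; an empty list means none."""
    required = ("numstatic", "maxservers", "maxlinks", "linkdepth")
    missing = [f"{n} is not set" for n in required if n not in attrs]
    if missing:
        return missing
    problems = []
    for name in ("maxlinks", "linkdepth"):
        if attrs[name] != 1:
            problems.append(f"{name} must be 1, found {attrs[name]}")
    if attrs["numstatic"] != avg_ssl_sessions:
        problems.append(f"numstatic {attrs['numstatic']} differs from average "
                        f"concurrent SSL sessions {avg_ssl_sessions}")
    cap = WISP_MAX_CONNECTIONS * wisp_count
    if attrs["maxservers"] > cap:
        problems.append(f"maxservers {attrs['maxservers']} exceeds {cap} "
                        f"connections available on {wisp_count} WISP(s)")
    # A server class cannot hold more static servers than its maximum.
    if attrs["numstatic"] > attrs["maxservers"]:
        problems.append("numstatic exceeds maxservers")
    # Assumption: Maxservers is the WID process count httpd must match.
    if httpd_processes < attrs["maxservers"]:
        problems.append(f"{httpd_processes} httpd processes is fewer than "
                        f"maxservers {attrs['maxservers']}")
    return problems

# Constructed sample values, not taken from the guide.
GOOD = "Numstatic 20\nMaxservers 28\nMaxlinks 1\nLinkdepth 1"
BAD = "Numstatic 40\nMaxservers 40\nMaxlinks 4\nLinkdepth 1"

if __name__ == "__main__":
    print(check_wid_sizing(parse_attrs(GOOD), 20, 2, 28))
    for p in check_wid_sizing(parse_attrs(BAD), 40, 2, 16):
        print("violation:", p)
```

In the second sample, an average of 40 concurrent SSL sessions cannot be served within the 28 connections that two WISPs provide, so the fix is another WISP rather than a larger Maxservers value.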
How the iTP Secure WebServer Uses WebSafe2 Internet Security Processors (WISPs)
The WISP generates the public/private key pair used by the iTP Secure WebServer and
protects the private key by encrypting it with an MFK. While the iTP Secure WebServer is
operating, the WISP decrypts the master keys that clients send, thus enabling the server
to generate session keys to use when communicating with those clients. Figure 5-2
illustrates this behavior.