iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

181

182

183

184

185

186

187

188

189

190

Configuring the iTP Secure WebServer

iTP Secure WebServer System Administrator’s Guide—522659-001

7-57

The WebSafe2 Configuration File

A brief description of each directive follows. Appendix A, Configuration Directives,

contains complete descriptions.

•

The Server directive creates a server class for the WID. If you want the WID

server class to run in the same PATHMON environment as the iTP Secure

WebServer, leave the Server directive in httpd.websafe.config. If not, you

must ensure that the WID server class is started in the PATHMON environment

where you want it to run.

•

The Keydatabase and ServerPassword directives are required. The

KeyDatabase directive specifies the database where the certificate and private

keys are stored. The

ServerPassword directive specifies the password to use to

encrypt the key database.

•

The AcceptSecureTransport directive is required.

The

-websafe option causes the iTP Secure WebServer to verify that the server

class for the WID exists and that it will accept and respond to messages from

processes that have the same owner as the WID. If the WID server class is

unavailable, an error message is generated and the httpd process does not start.

The

-port option causes the iTP Secure WebServer to check for SSL requests on

the port specified.

The

-cert option specifies the distinguished name (DN) of the certificate the iTP

Secure WebServer uses.

The

-transport option specifies the TCP/IP process name.

The

-nopct option specifies that the WISPs do not support the PCT protocol.

•

The Region directive controls access to the server by path component. The first

Region directive in the example limits access to the region ssl-sample-dir to

those clients that have SSL connections. The second directive prevents the

transmission of

close_notify messages to the web client.

You may want to make changes in httpd.websafe.config in order to:

•

Use a WID server class defined in another PATHMON environment.

See Using an Existing WID Server Class

on page 7-58.

•

Configure a Global Sesion Key Cache server.

See Configuring Global Session Key Caching

on page 7-7.

•

Define multiple WID processes to support multiple WISPs or concurrent SSL

requests.

See Starting Multiple WID Processes

on page 7-58.

•

Configure a timeout value to use when the iTP Secure WebServer is waiting for a

response from the WID.

See Specifying a Timeout Value for Server-to-WID Communications

on page 7-59.