iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Introduction to the iTP Secure WebServer
iTP Secure WebServer System Administrator’s Guide, 522659-001, page 1-3
Features and Standards Supported by iTP Secure WebServer

Microsoft Private Communications Technology (PCT version 1) protocol
The set of protocols that can be supported by a single instance of the iTP Secure WebServer now consists of HTTP, SSL, and PCT.

Caching of session keys, encompassing all the secure transport protocols, including PCT, SSL 2.0, and SSL 3.0
Global session key caching provides increased overall SSL performance by allowing a cache of SSL session keys to be shared amongst all instances of the httpd serverclass, thereby maximizing the cache hits and minimizing the CPU and network resources required for establishing SSL connections to the Himalaya platform.

X.509 version 3.0 certificates

Client authentication in SSL 3.0 and PCT
SSL request handling has been enhanced and PCT request handling has been added to support client authentication. The server can request or require a web client to authenticate itself and can restrict access based on client-authentication information by using region commands or CGI variables.

Certificate Revocation Lists (CRLs)
The iTP Secure WebServer CRLs enable a server to revoke a certificate if the private key associated with that certificate is compromised or lost.

Digest access authentication
Provides a challenge/response authentication mechanism for additional security; the user’s password is not sent over the network.

VeriSign’s Global Server ID
The iTP Secure WebServer (domestic-secure version) supports VeriSign’s Global Server ID, which enables 128-bit SSL sessions with browsers that offer Step-Up/Server Gated Cryptography (SGC) capability. The Global Server ID assures your visitors of your site’s legitimacy. For more information about using VeriSign’s Global Server ID with the iTP Secure WebServer, see Support for International 128-Bit SSL Sessions Using VeriSign’s Global Server ID on page 4-5.
The iTP Secure WebServer also provides hardware support of 1024-bit key-length certificates that you can use with Atalla’s WebSafe2 Internet Security Processors (WISPS), including Global Server ID.

Certificate chains
The iTP Secure WebServer uses the SSL 3.0 protocol to allow you to send certificate chains to and from clients. By using certificate chains, you can establish a certificate hierarchy that is more than two certificates deep. Certificate chains can be used by the iTP Secure WebServer for hardware encryption (using the WebSafe2 unit) or for software encryption.