iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Contents
iTP Secure WebServer System Administrator’s Guide—522659-001
iii
3. Planning the iTP Secure WebServer PATHMON
Environment (continued)
3. Planning the iTP Secure WebServer PATHMON
Environment (continued)
Security for the Server’s Pathway Environment 3-5
Who Can Modify the Configuration Files?
3-6
Who Can Start/Stop the iTP Secure WebServer?
3-6
What TCP/IP Port Is the Distributor Process Monitoring?
3-6
Common Gateway Interface (CGI) Application Security Considerations
3-7
Pathway CGI Server Class Considerations
3-7
Other Security Considerations
3-7
Protecting the Key Database File
3-8
Protecting the Server Password
3-8
Protecting Core Dumps
3-9
Protecting Transmission of Key Database Files and Core Dumps
3-9
4. Configuring for Secure Transport
Using the Administration Server Securely 4-2
Overview of Server Configuration
4-2
Keyadmin Utility Configuration
4-2
Server Configuration
4-3
Managing Certificates
4-4
Formatting Distinguished Names (DNs)
4-4
Support for Internatl 128-Bit SSL Sessions Using VeriSign’s Global Server ID
4-5
Using the Keyadmin Utility to Manage Keys and Certificates
4-7
Using Server Certificate Chains With the iTP Secure WebServer
4-23
Managing Client Authentication
4-24
Using the -requireauth Option
4-25
Using the -requestauth Option
4-26
Updating SSL and PCT Configuration
4-27
Controlling Access and Privacy
4-29
Specifying Content Access Using the Region Command
4-29
Using SSL and PCT Environment Variables in CGI Programs
4-30
Controlling Encryption and Integrity Checking
4-30
Using Ciphers With the AcceptSecureTransport Directive
4-30
Constraints on Cipher Use
4-32