iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

iTP Secure WebServer System Administrator’s Guide 522659-001

4 Configuring for Secure Transport
The Secure Sockets Layer (SSL) and Microsoft Private Communications Technology
(PCT) protocols provide security enhancements for the Web. These enhancements
include encryption, for ensuring privacy, and authentication (using key certificates), for
verifying the identity of servers, and, optionally, clients.
This section explains how to prepare the iTP Secure WebServer to use encryption
provided by SSL, PCT, or both. Use the procedures in this section after installing the iTP
Secure WebServer (see Installing and Configuring the iTP Secure WebServer on page 2-6)
and configuring the PATHMON environment (see Configuring the PATHMON Environment on
page 3-3).
The iTP Secure WebServer can handle SSL and PCT requests simultaneously with
HyperText Transfer Protocol (HTTP) requests.
After providing an overview of the configuration process, this section explains how to
configure the server for SSL and PCT and includes these topics:
Managing Certificates (See page 4-4)
Managing Client Authentication (See page 4-24)
Updating SSL and PCT Configuration (See page 4-26)
Controlling Access and Privacy (See page 4-28)
Controlling Encryption and Integrity Checking (See page 4-29)
If you are unfamiliar with security concepts such as encryption, authentication, public
and private keys, and Certificate Authorities (CAs), see Appendix D, Security Concepts,
before proceeding further in this section.
Using the Administration Server Securely
Compaq recommends that you access the iTP Secure WebServer Administration Server
only from secure transport connections. In some cases, you must provide the password
with which the server’s key database file is encrypted, and this password should not be
transmitted unsecured.
To specify that the iTP Secure Administration server must accept requests from secure
connections only, modify the httpd.adm.config file to add a
RequireSecureTransport command to the Region directive for the /admin/*
region, as shown in the following example:
Note. The nonsecure version of the iTP WebServer does not support SSL or PCT.
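
The check below is an added example, not taken from the guide or from the product: it audits a copy of httpd.adm.config and reports whether every Region directive for /admin/* carries the RequireSecureTransport command described above. It assumes a brace-delimited Region block and '#' comments; the sample configurations, including the /other/* region, are constructed.

```python
import re

def strip_comments(text):
    # Assumption: '#' starts a comment, so a commented-out command must not count.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def region_bodies(config_text, pattern):
    """Yield the brace-delimited body of each Region directive for `pattern`."""
    text = strip_comments(config_text)
    for m in re.finditer(r"^\s*Region\b([^{\n]*)\{", text, re.MULTILINE):
        # The words between 'Region' and '{' hold the region's URL pattern.
        if pattern not in m.group(1).split():
            continue
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        end = i - 1 if depth == 0 else i  # tolerate a missing closing brace
        yield text[m.end():end]

def admin_requires_secure_transport(config_text, pattern="/admin/*"):
    """True only if a Region for `pattern` exists and each one has the command."""
    bodies = list(region_bodies(config_text, pattern))
    # Fail closed: no matching Region, or one without the command, is a finding.
    return bool(bodies) and all(
        re.search(r"(?:^|;)\s*RequireSecureTransport\b", b, re.MULTILINE)
        for b in bodies)

# Constructed samples. WEAK has the command commented out for /admin/* and
# present only in an unrelated region; FIXED has it where the guide asks for it.
WEAK = """\
Region /other/* {
    RequireSecureTransport
}
Region /admin/* {
    # RequireSecureTransport
}
"""
FIXED = """\
Region /admin/* {
    RequireSecureTransport
}
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        ok = admin_requires_secure_transport(cfg)
        print(f"{name}: /admin/* secure transport required = {ok}")
```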