iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Region /admin/* {
    RequireSecureTransport
    AllowHost *.company.com
    RequirePassword {WebServer Administration User}\
        -userfile /conf/adm.passwd
    IndexFile index.html
}
For even greater security, choose the -auth option of the
RequireSecureTransport directive to require that a web client certificate be
presented when accessing the administration area.
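
As an added example (not part of this guide or of the product), the following Python script audits the Region blocks of a configuration file: it reports any region that uses RequirePassword without RequireSecureTransport, and any secured region where -auth is not set. The /reports/* region, the audit policy and the function names are assumptions made for illustration, and the parser assumes the brace layout of the Region example above.

```python
import re

# Constructed sample: /admin/* is the region from the page, /reports/* is made up.
SAMPLE_CONFIG = r"""
Region /admin/* {
    RequireSecureTransport
    AllowHost *.company.com
    RequirePassword {WebServer Administration User}\
        -userfile /conf/adm.passwd
    IndexFile index.html
}
Region /reports/* {
    RequirePassword {Reports} -userfile /conf/rep.passwd
}
"""

REGION_OPEN = re.compile(r"^Region\s+(\S+)\s*\{$")

def parse_regions(text):
    """Return {pattern: [directive lines]} for each Region block."""
    # Assumption: 'Region <pattern> {' sits on one line and '}' closes it alone.
    text = re.sub(r"\\\n\s*", " ", text)  # join backslash continuations
    regions, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := REGION_OPEN.match(line):
            current = regions.setdefault(m.group(1), [])
        elif line == "}":
            current = None
        elif current is not None and line and not line.startswith("#"):
            current.append(line)
    return regions

def audit(text):
    """Map each Region pattern to a list of findings (empty list: none)."""
    report = {}
    for pattern, directives in parse_regions(text).items():
        words = [d.split() for d in directives]
        secure = [w for w in words if w[0] == "RequireSecureTransport"]
        findings = []
        if any(w[0] == "RequirePassword" for w in words) and not secure:
            findings.append("password required without RequireSecureTransport")
        if secure and not any("-auth" in w for w in secure):
            findings.append("no client certificate required (-auth not set)")
        report[pattern] = findings
    return report

if __name__ == "__main__":
    for pattern, findings in audit(SAMPLE_CONFIG).items():
        print(pattern, "->", findings or "ok")
```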
Overview of Server Configuration
This section provides an overview of the tasks involved in configuring the server to
accept and respond to secure transport requests (both SSL and PCT). This configuration
is done by using the methods described in the following sections:
• Keyadmin Utility Configuration (See page 4-2)
• Server Configuration (See page 4-3)
Keyadmin Utility Configuration
The process for using the keyadmin utility to configure the server for secure transport
includes the following steps:
1. Generate a public/private key pair for the server, as described in Using the
Keyadmin Utility to Manage Keys and Certificates on page 4-7. The keyadmin
utility creates the key pair, which is stored in the specified key database file.
If you are creating a new key database file, the password you specify is used to
encrypt the data in the key database file. You must remember the password.
2. Create the certificate request. See Creating a Certificate Request on page 4-9 for
details.
3. Make a backup of both the key database file and the certificate request.
4. Obtain a certificate for the public key part of the pair from a Certificate Authority
(CA) by e-mailing the certificate-request file to the CA. This procedure is described
in Requesting a Certificate on page 4-10.
5. Store the resulting public key certificate in the key database file by using the
keyadmin utility.
6. Make a new backup copy of the key database file once the certificate has been
added. Also, make a backup of the certificate itself.