iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Configuring for Secure Transport

iTP Secure WebServer System Administrator’s Guide—522659-001

4-4

Managing Certificates

6. Include security properties in HTML documents.

Use the HTTPS protocol specifier (https) in anchor specifications to tell the web

client that SSL or PCT should be used, as the following example shows:

https://www.oregon-club.com/recipes

If you are using an SSL or PCT port other than the default (443), specify the port:

https://www.oregon-club.com:444/recipes

Managing Certificates

Each iTP Secure WebServer must have a public key pair for encrypting and decrypting

secure transactions. The public key must be signed by a CA in the form of a certificate.

The certificate verifies the binding of the public key to a particular DN, which uniquely

identifies a particular web server. (See Requesting a Certificate

on page 4-10.)

The same certificate can be used for both SSL and PCT.

This section describes how to manage certificates and covers these topics:

•

Formatting Distinguished Names (DNs) (See page 4-4)

•

Support for International 128-Bit SSL Sessions Using VeriSign’s Global Server ID

(See page 4-5)

•

Using the Keyadmin Utility to Manage Keys and Certificates (See page 4-7)

•

Using Server Certificate Chains With the iTP Secure WebServer (See page 4-23)

Formatting Distinguished Names (DNs)

DNs are specifications that identify persons or organizations to associate with particular

keys. DNs consist of lists of attributes that identify such entities as company name and

company location. For example:

•

CN="Compedia, Inc."

•

ST=New Hampshire

CAs use DNs to formally bind particular persons or organizations to particular keys. The

individual attributes in DNs are separated by commas and must be specified in the order

required by a particular CA.