iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
Updating SSL and PCT Configuration
The KeyDatabase directive specifies the file to be used for storing keys and public-
key certificates.
The ServerPassword directive specifies the password used to encrypt the key
database file. This password must agree with the one you specified when running the
keyadmin utility. For details, see Changing the Key Database File Password on
page 4-15.
The AcceptSecureTransport directive specifies the TCP/IP process, DN, and port
to use for SSL and PCT connections.
The DN you enter must match the one specified in the keyadmin command when the
certificate request was generated.
The Region directive lets you control how clients access your secure server and its
contents. (The commands that apply to a region are entered between the curly braces.)
The second Region directive in the example restricts access to /ssl-sample-dir to
clients that use an SSL or a PCT connection.
Example 4-3. Sample Secure Transport httpd.stl.config File
# httpd.stl.config
# Configure the required Secure Transport information
#
# Disable transmission of SSLv3 close_notify alert messages to
# Microsoft browsers.
#
Region /* {
    if {[info exists HEADER(user-agent)]
        && [string match "*MSIE*" $HEADER(user-agent)]} {
        DisableCloseNotify
    }
}

# Key database file and the password used to encrypt it
KeyDatabase $root/conf/test_key.db
ServerPassword WebServer

# TCP/IP process, port, and certificate DN for SSL and PCT connections
AcceptSecureTransport -transport /G/ZTC0 -port 443 -cert \
    {CN=Test Key, OU=Testing Only, O="Tandem Computers,Inc.", ST=California,C=US}

# Allow access to this directory only over an SSL or a PCT connection
Region /*/ssl-sample-dir {
    RequireSecureTransport
}
Note. The standard port for SSL and PCT is 443. If you use this port, the server must be
started using the super ID, as described in Section 2, Installing the iTP Secure WebServer.
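The following Python script is an added example, not part of the guide or of the iTP Secure WebServer product. It audits a configuration like Example 4-3 against the points made in this section: the three required directives, the -cert DN matching the keyadmin DN, and the port 443 start-up requirement. The function names are hypothetical, the parsing is line-oriented rather than a full Tcl parser, and the exact string comparison of the DN is an assumption.

```python
import re

# Constructed sample modelled on Example 4-3; not a production configuration.
SAMPLE = r'''
KeyDatabase $root/conf/test_key.db
ServerPassword WebServer
AcceptSecureTransport -transport /G/ZTC0 -port 443 -cert \
    {CN=Test Key, OU=Testing Only, O="Tandem Computers,Inc.", ST=California,C=US}
Region /*/ssl-sample-dir {
    RequireSecureTransport
}
'''
REQUIRED = ("KeyDatabase", "ServerPassword", "AcceptSecureTransport")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and # comments."""
    joined = re.sub(r"\\\r?\n\s*", " ", text)
    lines = (line.strip() for line in joined.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def audit(text, keyadmin_dn):
    """Return (findings, regions that contain RequireSecureTransport)."""
    lines = logical_lines(text)
    seen = {line.split()[0] for line in lines}
    findings = [f"missing {d}" for d in REQUIRED if d not in seen]
    secure_regions, region = [], None
    for line in lines:
        word = line.split()[0]
        if word == "Region":
            region = line.split()[1]  # simplification: last Region seen
        elif word == "RequireSecureTransport" and region:
            secure_regions.append(region)
        elif word == "AcceptSecureTransport":
            port = re.search(r"-port\s+(\d+)", line)
            dn = re.search(r"-cert\s+\{(.*)\}", line)
            if port and port.group(1) == "443":
                findings.append("port 443: start the server using the super ID")
            if dn is None:
                findings.append("no -cert DN on AcceptSecureTransport")
            elif dn.group(1) != keyadmin_dn:  # exact match is an assumption
                findings.append("-cert DN differs from the keyadmin DN")
    return findings, secure_regions

if __name__ == "__main__":
    dn = 'CN=Test Key, OU=Testing Only, O="Tandem Computers,Inc.", ST=California,C=US'
    print(audit(SAMPLE, dn))
```

Pass the DN exactly as it was given to keyadmin when the certificate request was generated; any difference is reported.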