iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-002
The KeyDatabase directive specifies the file to be used for storing keys and
public-key certificates.
The ServerPassword directive specifies the password used to encrypt the key
database file. This password must agree with the one you specified when running the
keyadmin utility. For details, see Changing the Key Database File Password on
page 4-15.
The AcceptSecureTransport directive specifies the TCP/IP process, DN, and port
to use for SSL and PCT connections.
The DN you enter must match the one specified in the keyadmin command when the
certificate request was generated.
The Region directive lets you control how clients access your secure server and its
contents. (These commands are entered between the curly braces.) The directive in
the example restricts access to /ssl-sample-dir to clients that use an SSL or a
PCT connection.
Controlling Access and Privacy
With SSL and PCT, all connections between a web client and the server are encrypted.
A web client can verify the server’s identity by using the server’s public-key certificate.
As described previously, you also can request or require a web client to authenticate
itself to the server.
To control server access and privacy, you can:
• Specify Region commands to control server responses
• Use SSL and PCT variables to access information within CGI programs
Specifying Content Access Using the Region Command
You use the Region directive’s RequireSecureTransport command to mandate
that only SSL and/or PCT connections can access particular regions of content. For
example, if you need to protect all your secret recipes from eavesdropping, you could
use the RequireSecureTransport command as follows:
Region /recipes/* {
RequireSecureTransport
}
In this example, all requests for objects in the /recipes region on the server must be
made using SSL or PCT.
Note. The standard port for SSL and PCT is 443. If you use this port, the server must be
started using the super ID, as described in Section 2, Installing the iTP Secure WebServer.
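An added example, not part of the guide or of the product: a small audit that reads a configuration and reports which sensitive URL paths are not covered by a Region block containing RequireSecureTransport. The names parse_regions, unprotected and SAMPLE_CONF are hypothetical; the '#' comment handling, the absence of nested braces, and shell-style wildcard matching are assumptions about the configuration format.

```python
import fnmatch
import re

# Constructed sample configuration (not a shipped file). It uses only the
# Region / RequireSecureTransport syntax shown above.
SAMPLE_CONF = """\
Region /recipes/* {
RequireSecureTransport
}
# Region /admin/* {RequireSecureTransport}
Region /public/* {
}
"""

# Assumption: Region bodies contain no nested braces.
REGION_RE = re.compile(r"^[ \t]*Region\s+(\S+)\s*\{([^}]*)\}", re.MULTILINE)

def parse_regions(conf_text):
    """Return [(pattern, [command names])] for each Region block."""
    # Assumption: a line starting with '#' is a comment; a commented-out
    # Region must not count as protection.
    text = re.sub(r"^[ \t]*#.*$", "", conf_text, flags=re.MULTILINE)
    regions = []
    for match in REGION_RE.finditer(text):
        body = match.group(2).splitlines()
        commands = [line.split()[0] for line in body if line.strip()]
        regions.append((match.group(1), commands))
    return regions

def unprotected(conf_text, sensitive_paths):
    """Return the paths no RequireSecureTransport region covers."""
    regions = parse_regions(conf_text)
    missing = []
    for path in sensitive_paths:
        # Assumption: shell-style wildcard matching approximates the
        # server's own region matching.
        covered = any(
            fnmatch.fnmatchcase(path, pattern)
            and "RequireSecureTransport" in commands
            for pattern, commands in regions
        )
        if not covered:
            missing.append(path)
    return missing

if __name__ == "__main__":
    paths = ["/recipes/soup.html", "/admin/keys.html", "/public/index.html"]
    for path in unprotected(SAMPLE_CONF, paths):
        print("no RequireSecureTransport region covers", path)
```

A path is treated as covered when any matching Region block carries RequireSecureTransport; a region that matches but has an empty body, or one that is commented out, is reported as a gap.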