iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator's Guide, 523346-002, page 5-16
4. Stop the server by executing the stop script that is in the
<installation directory>/conf directory:
: ./stop
You should not get any error messages. The Pathmon process and any other
processes started by the iTP Secure WebServer are stopped.
5. Verify that the server has stopped:
: ps
You should not see the Distributor, httpd, or generic-cgi.pway processes
running.
The EMS log file should reveal that the httpd processes have closed the
$RECEIVE file.
How to Use Server Certificate Chains With
WebSafe2 Encryption
The iTP Secure WebServer’s SSL 3.0 protocol allows you to send and receive
certificate chains and to use certificate chains with WebSafe2 encryption. By using the
certificate chain option, you can establish a certificate hierarchy that is more than two
certificates deep. Server certificate chain support allows iTP Secure WebServers to
use VeriSign Global Server IDs, which are certificate chains.
For information about Global Server IDs, see Support for International 128-Bit SSL
Sessions Using VeriSign’s Global Server ID on page 4-5. For more information about
certificates and certificate chains, see Using Certificates on page D-6.
No configuration changes to the iTP Secure WebServer or WID are required for this
feature. However, because certificate chain transmission between clients and servers
requires SSL 3.0 support, you need to ensure that you are using the latest versions of
both the iTP Secure WebServer and the WID.
To create a server certificate chain, do the following:
1. Obtain leaf and intermediate certificates from the appropriate CA. You can get
certificates to support a Global Server ID from VeriSign at the following web site:
http://www.verisign.com
2. For a certificate chain sent from VeriSign, the leaf certificate is the certificate that
follows the text SERVER SUBSCRIBER CERTIFICATE, and the intermediate
certificate is the certificate that follows the text INTERMEDIATE CA
CERTIFICATE. The leaf certificate must be added before the intermediate
certificate.
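
The ordering rule in step 2, shown as an added example that is not part of the guide: a Python script that locates the two certificates in a CA message by the marker text quoted above and returns them leaf first, whichever order the message used. It assumes each certificate is a PEM block (`-----BEGIN CERTIFICATE-----`); `split_chain` and the sample message are constructed for illustration.

```python
import re

# Marker text is quoted from the guide; the PEM delimiters are an assumption
# about how the CA's message encodes each certificate.
MARKERS = {
    "leaf": "SERVER SUBSCRIBER CERTIFICATE",
    "intermediate": "INTERMEDIATE CA CERTIFICATE",
}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)

# Constructed sample (placeholder bodies, not real certificates),
# deliberately listing the intermediate certificate first.
SAMPLE = """\
INTERMEDIATE CA CERTIFICATE
-----BEGIN CERTIFICATE-----
constructedIntermediateBodyNotARealCertificate
-----END CERTIFICATE-----
SERVER SUBSCRIBER CERTIFICATE
-----BEGIN CERTIFICATE-----
constructedLeafBodyNotARealCertificate
-----END CERTIFICATE-----
"""


def split_chain(message):
    """Return [(role, pem), ...] in the order the certificates must be
    added: leaf first, then intermediate."""
    found = {}
    for role, marker in MARKERS.items():
        pos = message.find(marker)
        if pos < 0:
            raise ValueError(f"marker not found: {marker!r}")
        # The certificate for a role is the first PEM block after its marker.
        match = PEM_RE.search(message, pos + len(marker))
        if match is None:
            raise ValueError(f"no certificate follows {marker!r}")
        # If another marker sits in between, that block belongs to it instead.
        between = message[pos + len(marker):match.start()]
        if any(m in between for m in MARKERS.values()):
            raise ValueError(f"no certificate directly follows {marker!r}")
        found[role] = match.group(0)
    return [("leaf", found["leaf"]), ("intermediate", found["intermediate"])]


if __name__ == "__main__":
    for role, pem in split_chain(SAMPLE):
        print(role, pem.splitlines()[1])
```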