iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrator’s Guide—523346-002
7-58
The WebSafe2 Configuration File
A brief description of each directive follows. Appendix A, Configuration Directives,
contains complete descriptions.
•
The Server directive creates a server class for the WID. If you want the WID
server class to run in the same PATHMON environment as the iTP Secure
WebServer, leave the Server directive in httpd.websafe.config. If not, you
must ensure that the WID server class is started in the PATHMON environment
where you want it to run.
•
The Keydatabase and ServerPassword directives are required. The
KeyDatabase directive specifies the database where the certificate and private
keys are stored. The ServerPassword directive specifies the password to use to
encrypt the key database.
•
The AcceptSecureTransport directive is required.
The -websafe option causes the iTP Secure WebServer to verify that the server
class for the WID exists and that it will accept and respond to messages from
processes that have the same owner as the WID. If the WID server class is
unavailable, an error message is generated and the httpd process does not start.
The -port option causes the iTP Secure WebServer to check for SSL requests on
the port specified.
The -cert option specifies the distinguished name (DN) of the certificate the iTP
Secure WebServer uses.
The -transport option specifies the TCP/IP process name.
The -nopct option specifies that the WISPs do not support the PCT protocol.
•
The Region directive controls access to the server by path component. The first
Region directive in the example limits access to the region ssl-sample-dir to
those clients that have SSL connections. The second directive prevents the
transmission of close_notify messages to the web client.
You may want to make changes in httpd.websafe.config in order to:
•
Use a WID server class defined in another PATHMON environment.
See Using an Existing WID Server Class on page 7-59.
•
Configure a Global Session Key Cache server.
See Configuring Global Session Key Caching on page 7-7.
•
Define multiple WID processes to support multiple WISPs or concurrent SSL
requests.
See Starting Multiple WID Processes on page 7-59.
•
Configure a timeout value to use when the iTP Secure WebServer is waiting for a
response from the WID.
See Specifying a Timeout Value for Server-to-WID Communications on page 7-60.