iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Contents
iTP Secure WebServer System Administrator’s Guide—523346-002
iii
3. Planning the iTP Secure WebServer PATHMON
Environment (continued)
3. Planning the iTP Secure WebServer PATHMON
Environment (continued)
What TCP/IP Port Is the Distributor Process Monitoring? 3-6
Common Gateway Interface (CGI) Application Security Considerations 3-7
Pathway CGI Server Class Considerations 3-7
Other Security Considerations 3-7
Protecting the Key Database File 3-7
Protecting the Server Password 3-8
Protecting Core Dumps 3-8
Protecting Transmission of Key Database Files and Core Dumps 3-9
4. Configuring for Secure Transport
Using the Administration Server Securely 4-2
Overview of Server Configuration 4-2
Keyadmin Utility Configuration 4-2
Server Configuration 4-3
Managing Certificates 4-4
Formatting Distinguished Names (DNs) 4-4
Support for International 128-Bit SSL Sessions Using VeriSign’s Global Server
ID 4-5
Using the Keyadmin Utility to Manage Keys and Certificates 4-7
Using Server Certificate Chains With the iTP Secure WebServer 4-23
Managing Client Authentication 4-24
Using the -requireauth Option 4-25
Using the -requestauth Option 4-26
Updating SSL and PCT Configuration 4-27
Controlling Access and Privacy 4-28
Specifying Content Access Using the Region Command 4-28
Using SSL and PCT Environment Variables in CGI Programs 4-29
Controlling Encryption and Integrity Checking 4-30
Using Ciphers With the AcceptSecureTransport Directive 4-30
Constraints on Cipher Use 4-31
5. Integrating the WebSafe2 Internet Security Processor (WISP)
The Secure Configuration Terminal (SCT) 5-3
The WebSafe2 Interface Driver (WID) 5-3
How the iTP Secure WebServer Uses WebSafe2 Internet Security Processors
(WISPs) 5-4
Fault-Tolerance Requirements 5-5