iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-002
Using the Administration Server Securely
HP recommends that you access the iTP Secure WebServer Administration Server
only from secure transport connections. In some cases, you must provide the
password with which the server’s key database file is encrypted, and this password
should not be transmitted unsecured.
To specify that the iTP Secure Administration server must accept requests from secure
connections only, modify the httpd.adm.config file to add a
RequireSecureTransport command to the Region directive for the /admin/*
region, as shown in the following example:
Region /admin/* {
    RequireSecureTransport
    AllowHost *.company.com
    RequirePassword {WebServer Administration User}\
        -userfile /conf/adm.passwd
    IndexFile index.html
}
For even greater security, use the -auth option of the RequireSecureTransport
directive to require that a web client certificate be presented when accessing the
administration area.
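The following audit check is an added example, not part of the HP guide or the product: it parses Region blocks from the text of httpd.adm.config and reports whether the /admin/* region carries RequireSecureTransport and whether -auth is set. The function names are hypothetical, the sample configurations are constructed, and it assumes that `#` starts a comment line and that -auth appears on the same line as the directive.

```python
import re

# Constructed sample inputs (not from a real server). PAGE_STYLE mirrors the
# guide's example; WEAK has the directive commented out ('#' comments assumed).
PAGE_STYLE = r"""
Region /admin/* {
    RequireSecureTransport
    AllowHost *.company.com
    RequirePassword {WebServer Administration User}\
        -userfile /conf/adm.passwd
}
"""
WEAK = PAGE_STYLE.replace("    RequireSecureTransport", "    # RequireSecureTransport")
STRICT = PAGE_STYLE.replace("RequireSecureTransport", "RequireSecureTransport -auth")


def region_commands(text, region="/admin/*"):
    """Return the command lines of every `Region <region> { ... }` block."""
    text = re.sub(r"\\\r?\n", " ", text)  # join backslash-continued lines
    blocks, current, depth = [], None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if current is None:
            # Assumption: the region path is the last token before the brace.
            m = re.match(r"Region\s+(.*?)\s*\{$", line)
            if m and m.group(1).split()[-1:] == [region]:
                current, depth = [], 1
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:  # closing brace of the Region block
            blocks.append(current)
            current = None
        else:
            current.append(line)
    return blocks


def audit(text, region="/admin/*"):
    """Return findings for the region; an empty list means nothing to report."""
    blocks = region_commands(text, region)
    if not blocks:
        return [f"FAIL no Region block for {region}"]
    findings = []
    for cmds in blocks:
        rst = [c.split() for c in cmds if c.split()[0] == "RequireSecureTransport"]
        if not rst:
            findings.append(f"FAIL {region}: RequireSecureTransport missing")
        elif not any("-auth" in toks for toks in rst):
            findings.append(f"NOTE {region}: no -auth, client certificate not required")
    return findings
```

Pass the contents of httpd.adm.config to `audit()` after each configuration change; a FAIL line means the administration region would accept requests over unsecured connections.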
Overview of Server Configuration
This section provides an overview of the tasks involved in configuring the server to
accept and respond to secure transport requests (both SSL and PCT). This
configuration is done by using the methods described in the following sections:
• Keyadmin Utility Configuration on page 4-2
• Server Configuration on page 4-3
Keyadmin Utility Configuration
The process for using the keyadmin utility to configure the server for secure transport
includes the following steps:
1. Generate a public/private key pair for the server, as described in Using the
   Keyadmin Utility to Manage Keys and Certificates on page 4-7. The keyadmin
   utility creates the key pair, which is stored in the specified key database file.
   If you are creating a new key database file, the password you specify is used to
   encrypt the data in the key database file. You must remember the password.
2. Create the certificate request. See Creating a Certificate Request on page 4-9 for
   details.
3. Make a backup of both the key database file and the certificate request.