Manualshelf

iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide523346-002
4-18
Using the Keyadmin Utility to Manage Keys and
Certificates
Updating the Default Root Certificates
The iTP Secure WebServer supports a set of default root certificates for domestic use
(United States and Canada). If a request arrives and client authentication is required,
the iTP Secure WebServer checks the certificate to see whether it matches any of the
default root certificates; if the certificate matches, the request is accepted, and if not,
the request is rejected. To restrict the set of accepted certificates, or to define the
certificates used outside the United States and Canada, you specify the corresponding
DNs in AcceptSecureTransport directives in your configuration file.
The default root certificates for the current release of the iTP Secure WebServer are as
shown in Example 4-2:
Example 4-2. Example Default Root Certificate (page1of4)
-----------------------------------
Distinguished Name
OU: Class 4 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
-----------------------------------
Distinguished Name
OU: Class 3 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present
-----------------------------------
Distinguished Name
OU: Class 2 Public Primary Certification Authority
O: Verisign, Inc.
C: US
State: Root Enabled
Private Key: Not Present
Public Key: Present
Certificate: Present