iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
4-32
Updating SSL and PCT Configuration
Updating SSL and PCT Configuration
After you have generated the public/private key pair, installed the certificate, and
changed the key database file password, you must update the configuration file
httpd.stl.config with this new information and the DN you used when running the
keyadmin utility. This file is located in the /usr/tandem/webserver/conf directory.
The contents of httpd.stl.config are shown in Example 4-3. Brief descriptions of
them follow the example. For a complete description of the directives, see Appendix A,
Configuration Directives.
Valid certificate
but root
certificates do not
match
The server requested client authentication and received a client
certificate chain which contains X509 version 3 certificates. The
public key contained within the root certificate of the chain
provided by the Web client matches the public key from the root
certificate in the key database file, but one or more other fields
within the two certificates do not match. This condition usually
happens when the root certificate has been renewed, but either
the Web client or the key database file has not been updated
with the new certificate.
Valid certificate The server requested and received a client certificate or client
certificate chain, and all previous checks have passed.
Note. If the iTP Secure WebServer finds one or more errors when validating a certificate, it
reports the first error only.