iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
Updating SSL and PCT Configuration
The KeyDatabase directive specifies the file to be used for storing keys and public-key certificates.
The ServerPassword directive specifies the password used to encrypt the key
database file. This password must agree with the one you specified when running the
keyadmin utility. For details, see Changing the Key Database File Password on
page 4-17.
The AcceptSecureTransport directive specifies the TCP/IP process, DN, and port
to use for SSL and PCT connections.
The DN you enter must match the one specified in the keyadmin command when the
certificate request was generated.
The Region directive enables you to control how clients access your secure server
and its contents. (The commands that apply to a region are entered between the curly
braces.) The directive in the example restricts access to /ssl-sample-dir to clients
that use an SSL or a PCT connection.
Example 4-3. Sample Secure Transport httpd.stl.config File
    # httpd.stl.config
    # Configure the required Secure Transport information
    #
    # Disable transmission of SSLv3 close_notify alert messages to
    # Microsoft browsers.
    #
    Region /* {
        if {[info exists HEADER(user-agent)]
            && [string match "*MSIE*" $HEADER(user-agent)]} {
            DisableCloseNotify
        }
    }
    KeyDatabase $root/conf/test_key.db
    ServerPassword WebServer
    AcceptSecureTransport -transport /G/ZTC0 -port 4571 \
        -address 172.31.24.12 \
        -cert {CN=Secure Transport Bootstrap Certificate, OU=Testing Only - Do Not Trust for Secure Transactions, OU=No Assurance - Self-Signed, OU=Generated Mon Dec 22 09:1421 UTC+ 2003, O=HP-NED}
Note. The standard port for SSL and PCT is 443. If you use this port, the server must be
started using the super ID, as described in Section 2, Installing the iTP Secure WebServer.
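The following pre-deployment check is an added example, not part of the guide or of the iTP Secure WebServer product. It reads the secure-transport directives described above and reports the conditions this page calls out: a -cert DN that differs from the one used in the keyadmin certificate request, the bootstrap test certificate still in use, the key database password present in the file, and port 443. The function names, the sample text, and the whitespace-only DN normalization are assumptions made for the example.

```python
import re

# Constructed sample modelled on Example 4-3 (DN shortened, port set to 443).
SAMPLE_DN = ("CN=Secure Transport Bootstrap Certificate, "
             "OU=Testing Only - Do Not Trust for Secure Transactions, O=HP-NED")
SAMPLE = ("KeyDatabase $root/conf/test_key.db\n"
          "ServerPassword WebServer\n"
          "AcceptSecureTransport -transport /G/ZTC0 -port 443 \\\n"
          "    -address 172.31.24.12 \\\n"
          "    -cert {" + SAMPLE_DN + "}\n")

def norm(dn):
    """Collapse whitespace so line wrapping alone never causes a mismatch."""
    return " ".join(dn.split())

def parse_accept(args):
    """Return {option: value} for one AcceptSecureTransport argument string."""
    opts = {}
    # A value is either a brace-quoted word (the DN) or a bare word.
    for m in re.finditer(r"(?<!\S)-(\w+)\s+(\{[^}]*\}|\S+)", args):
        opts[m.group(1)] = m.group(2).strip("{}")
    return opts

def audit(config_text, requested_dn):
    """Return findings for the secure-transport directives in config_text."""
    findings = []
    # Fold backslash-newline continuations into single logical lines.
    text = re.sub(r"\\\n\s*", " ", config_text)
    for line in text.splitlines():
        words = line.split(None, 1)
        if len(words) < 2 or words[0].startswith("#"):
            continue
        name, rest = words
        if name == "ServerPassword":
            findings.append("file holds the key database password: "
                            "limit read access to the server's user ID")
        elif name == "AcceptSecureTransport":
            opts = parse_accept(rest)
            cert = opts.get("cert", "")
            if norm(cert) != norm(requested_dn):
                findings.append("-cert DN differs from the keyadmin request DN")
            if "Testing Only" in cert:
                findings.append("bootstrap test certificate is still configured")
            if opts.get("port") == "443":
                findings.append("port 443: start the server using the super ID")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, SAMPLE_DN):
        print("-", finding)
```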