iTP Secure WebServer System Administrator's Guide (Version 7.0)
Contents
iTP Secure WebServer System Administrator’s Guide—523346-012
3. Planning the iTP Secure WebServer PATHMON Environment (continued)
Threading Considerations for the httpd Server 3-4
Security for the Server’s Pathway Environment 3-5
Who Can Modify the Configuration Files? 3-6
Who Can Start/Stop the iTP Secure WebServer? 3-6
What TCP/IP Port Is the Distributor Process Monitoring? 3-6
Common Gateway Interface (CGI) Application Security Considerations 3-7
Pathway CGI Server Class Considerations 3-7
Other Security Considerations 3-7
Protecting the Key Database File 3-7
Protecting the Server Password 3-8
Protecting Core Dumps 3-9
Protecting Transmission of Key Database Files and Core Dumps 3-9
4. Configuring for Secure Transport
Using the Administration Server Securely 4-1
Overview of Server Configuration 4-2
Keyadmin Utility Configuration 4-2
Server Configuration 4-3
Managing Certificates 4-4
Formatting Distinguished Names (DNs) 4-4
Support for International 128-Bit SSL Sessions Using VeriSign’s Global Server ID 4-5
Using the Keyadmin Utility to Manage Keys and Certificates 4-7
Using Server Certificate Chains With the iTP Secure WebServer 4-28
Managing Client Authentication 4-29
Using the -requireauth Option 4-30
Using the -requestauth Option 4-31
Updating SSL and PCT Configuration 4-32
Controlling Access and Privacy 4-34
Specifying Content Access Using the Region Command 4-34
Using SSL and PCT Environment Variables in CGI Programs 4-35
Controlling Encryption and Integrity Checking 4-35
Using Ciphers With the AcceptSecureTransport Directive 4-35
Constraints on Cipher Use 4-36
5. Integrating the WebSafe2 Internet Security Processor (WISP)
The Secure Configuration Terminal (SCT) 5-3