iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide 523346-012
RequireSecureTransport command to the Region directive for the /admin/*
region, as shown in this example:
Region /admin/* {
    RequireSecureTransport
    AllowHost *.company.com
    RequirePassword {WebServer Administration User}\
        -userfile /conf/adm.passwd
    IndexFile index.html
}
For even greater security, use the -auth option of the RequireSecureTransport
directive to require that a Web client certificate be presented when accessing the
administration area.
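A check along these lines can confirm that every administrative region in a configuration file carries the directive, and whether it also demands a client certificate. This is an added example, not part of the guide or the product; the /admin/keys/* and /admin/logs/* regions and the function names are constructed, and each Region block is judged on its own.

```python
import re

# Constructed sample: the first region follows the guide's example; the other
# two are invented to show the -auth case and a region with no requirement.
SAMPLE_CONFIG = r"""
Region /admin/* {
    RequireSecureTransport
    AllowHost *.company.com
    RequirePassword {WebServer Administration User}\
        -userfile /conf/adm.passwd
    IndexFile index.html
}
Region /admin/keys/* {
    RequireSecureTransport -auth
}
Region /admin/logs/* {
    AllowHost *.company.com
}
"""

def parse_regions(text):
    """Return {region path: [command lines]}, folding backslash continuations."""
    text = re.sub(r"\\\s*\n\s*", " ", text)
    regions, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Region\s+(\S+)\s*\{$", line)
        if m:
            current = regions.setdefault(m.group(1), [])
        elif line == "}":
            current = None
        elif line and current is not None:
            current.append(line)
    return regions

def audit(text, prefix="/admin/"):
    """Map each region under prefix to its transport requirement."""
    report = {}
    for path, cmds in parse_regions(text).items():
        if path.startswith(prefix):
            status = "no-secure-transport"
            for words in map(str.split, cmds):
                if words[0] == "RequireSecureTransport":
                    status = "client-cert" if "-auth" in words[1:] else "secure-transport"
            report[path] = status
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```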
Overview of Server Configuration
This section provides an overview of the tasks involved in configuring the server to
accept and respond to secure transport requests (both SSL and PCT). This
configuration is done by using the methods described in these sections:
Keyadmin Utility Configuration on page 4-2
Server Configuration on page 4-3
Keyadmin Utility Configuration
The process for using the keyadmin utility to configure the server for secure transport
includes these steps:
1. Generate a public/private key pair for the server, as described in Using the
Keyadmin Utility to Manage Keys and Certificates on page 4-7. The keyadmin
utility creates the key pair, which is stored in the specified key database file.
If you are creating a new key database file, the password you specify is used to
encrypt the data in the key database file. You must remember the password.
2. Create the certificate request. See Creating a Certificate Request on page 4-9 for
details.
3. Make a backup of both the key database file and the certificate request.
4. Obtain a certificate for the public key part of the pair from a Certificate Authority
(CA) by e-mailing the certificate-request file to the CA. This procedure is described
in Requesting a Certificate on page 4-11.
5. Store the resulting public key certificate in the key database file by using the
keyadmin utility.
6. Make a new backup copy of the key database file once the certificate has been
added. Also, make a backup of the certificate itself.