iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
4-3
Server Configuration
Server Configuration
After you have used the keyadmin utility for server configuration, complete the server
configuration by following these steps:
1. Specify the path name of the key database file by using the KeyDatabase
configuration directive. See KeyDatabase on page A-28 for information about using
this directive.
2. Specify the password for decrypting the key database file.
Using the ServerPassword directive, specify the password the server will use to
decrypt the data in the key database file. You can arrange for this password to be
obtained by:
•
Specifying it directly in the configuration file.
•
Reading it from a different file.
For an example of specifying the encryption password, see ServerPassword on
page A-77.
The password specified by the ServerPassword directive must agree with the
password used to encrypt the key database file, as specified through the keyadmin
utility.
3. Enable the server to use SSL or PCT.
Use the AcceptSecureTransport configuration directive to configure the server to
check for SSL or PCT connections. You must specify the distinguished name (DN)
of the certificate to use for the server by using the -cert option. In addition, you can
specify these parameters:
•
Transport name
•
Host name, address, and port to use
•
Whether the server checks for SSL, PCT, or both
•
Whether the server requests or requires client authentication (or neither)
For complete information about these options, see AcceptSecureTransport on
page A-6.
4. Use the RequireSecureTransport commands in the Region directive to control how
clients access the server and its contents as described in Controlling Access and
Privacy on page 4-34.
5. Restart the server.
6. Include security properties in HTML documents.
Note. The server checks for connections on the ports specified by both the Accept and
the AcceptSecureTransport directives.