iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-012
4-4
Managing Certificates
Use the HTTPS protocol specifier (https) in anchor specifications to specify that the
Web client use SSL or PCT, as this example shows:
https://www.oregon-club.com/recipes
If you are using an SSL or PCT port other than the default (443), specify the port:
https://www.oregon-club.com:444/recipes
Managing Certificates
Each iTP Secure WebServer must have a public key pair for encrypting and decrypting
secure transactions. The public key must be signed by a CA in the form of a certificate.
The certificate verifies the binding of the public key to a particular DN, which uniquely
identifies a particular Web server. (See Requesting a Certificate on page 4-11.)
The same certificate can be used for both SSL and PCT.
This section describes how to manage certificates and covers these topics:
•
Formatting Distinguished Names (DNs)
•
Support for International 128-Bit SSL Sessions Using VeriSign’s Global Server ID
on page 4-5
•
Using the Keyadmin Utility to Manage Keys and Certificates on page 4-7
•
Using Server Certificate Chains With the iTP Secure WebServer on page 4-28
Formatting Distinguished Names (DNs)
DNs are specifications that identify persons or organizations to associate with
particular keys. DNs consist of lists of attributes that identify such entities as company
name and company location. For example:
•
CN="Compedia, Inc."
•
ST=New Hampshire
CAs use DNs to formally bind particular persons or organizations to particular keys.
The individual attributes in DNs are separated by commas and must be specified in the
order required by a particular CA.