HP Cache Server Appliance Administrator Guide
Chapter 11 Security Options
To set SSL termination configuration variables for client/Traffic Server connections:
1. Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods, on page 7.
2. Open the records.config file located in Traffic Server’s config directory with Vi.
3. Edit the following variables in the SSL Termination section of the file:
Variable
    Description

proxy.config.ssl.enabled
    Set this variable to 1 to enable the SSL termination option.

proxy.config.ssl.server_port
    Set this variable to specify the port used for SSL communication. The default port is 443.

proxy.config.ssl.client.certification_level
    Set this variable to one of the following values:
    • 0 specifies that no client certificates are required. Traffic Server does not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists).
    • 1 specifies that client certificates are optional. If a client has a certificate, the certificate is validated. If the client does not have a certificate, the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options.
    • 2 specifies that client certificates are required. The client must be authenticated during the SSL handshake. Clients without a certificate are not allowed to access Traffic Server.

proxy.config.ssl.server.cert.filename
    Set this variable to specify the file name of Traffic Server’s SSL server certificate.
    Traffic Server provides a demo server certificate called server.pem. You can use this certificate to verify that the SSL feature is working.
    If you are using multiple server certificates, set this variable to specify the default file name.

proxy.config.ssl.server.cert.path
    Set this variable to specify the location of Traffic Server’s SSL server certificate. The default directory is Traffic Server’s config directory.

proxy.config.ssl.server.private_key.filename
    Set this variable to specify the file name of Traffic Server’s private key.
    Change this variable only if the private key is not located in the Traffic Server’s SSL server certificate file.

proxy.config.ssl.server.private_key.path
    Set this variable to specify the location of the Traffic Server’s private key.
    Change this variable only if the private key is not located in the Traffic Server’s SSL server certificate file.

proxy.config.ssl.CA.cert.filename
    Specify the file name of the certificate authority that client certificates will be verified against. The default value is NULL.

proxy.config.ssl.CA.cert.path
    Specify the location of the certificate authority file that client certificates will be verified against. The default value is NULL.
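
The SSL termination settings described above can be reviewed on a copy of records.config after editing. The following Python script is an added example, not part of the HP guide or of Traffic Server; it assumes each setting is stored as a "CONFIG <variable> <TYPE> <value>" line, and the sample file contents are constructed.

```python
import re

# Assumed records.config line layout: CONFIG <variable> <TYPE> <value>
LINE = re.compile(r"^\s*CONFIG\s+(\S+)\s+(\S+)\s+(.*?)\s*$")

def parse_records(text):
    """Return {variable: value} for every CONFIG line, skipping # comments."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(3)
    return settings

def audit_ssl_termination(settings):
    """Compare the SSL termination variables with the table's descriptions."""
    def get(name, default):
        return settings.get("proxy.config.ssl." + name, default)
    findings = []
    if get("enabled", "unset") != "1":
        return ["ssl.enabled is not 1: SSL termination is off"]
    level = get("client.certification_level", "unset")
    if level not in ("0", "1", "2"):
        findings.append("certification_level %r is not 0, 1 or 2" % level)
    elif level == "0":
        findings.append("certification_level 0: client certificates are not "
                        "verified; access rests on other options such as ACLs")
    elif get("CA.cert.filename", "NULL") == "NULL":
        # Levels 1 and 2 validate client certificates against the CA file.
        findings.append("certification_level %s but CA.cert.filename is NULL" % level)
    if get("server.cert.filename", "") == "server.pem":
        findings.append("server.cert.filename is the demo certificate server.pem")
    return findings

# Constructed sample, not taken from a real appliance.
SAMPLE = """\
# SSL Termination
CONFIG proxy.config.ssl.enabled INT 1
CONFIG proxy.config.ssl.server_port INT 443
CONFIG proxy.config.ssl.client.certification_level INT 2
CONFIG proxy.config.ssl.server.cert.filename STRING server.pem
CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
"""

if __name__ == "__main__":
    for finding in audit_ssl_termination(parse_records(SAMPLE)):
        print("FINDING:", finding)
```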