HP Cache Server Appliance Administrator Guide
Chapter 11 Security Options
To set SSL termination configuration variables for Traffic Server/origin server connections:
1. Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods, on page 7.
2. Open the records.config file located in Traffic Server’s config directory with Vi.
3. Edit the following variables in the SSL Termination section of the file:
4. Save and close the records.config file.
5. Restart Traffic Server using the command restart_traffic_server

Variable
    Description

proxy.config.ssl.auth.enabled
    Set this variable to 1 to enable the SSL termination option.

proxy.config.ssl.server_port
    Set this variable to specify the port used for SSL communication. The default port is 443.

proxy.config.ssl.client.verify.server
    Set this option to 1 to require Traffic Server to verify the origin server certificate with the CA.

proxy.config.ssl.client.cert.filename
    If you have installed an SSL client certificate on Traffic Server, set this variable to specify the file name of the client certificate.

proxy.config.ssl.client.cert.path
    If you have installed an SSL client certificate on Traffic Server, set this variable to specify the location of the client certificate. The default directory is Traffic Server’s config directory.

proxy.config.ssl.client.private_key.filename
    Set this variable to specify the file name of Traffic Server’s private key. Change this variable only if the private key is not located in the Traffic Server’s SSL client certificate file.

proxy.config.ssl.client.private_key.path
    Set this variable to specify the location of the Traffic Server’s private key. Change this variable only if the private key is not located in the SSL client certificate file.

proxy.config.ssl.client.CA.cert.filename
    Specify the file name of the certificate authority against which the origin server will be verified. The default value is NULL.

proxy.config.ssl.client.CA.cert.path
    Specify the location of the certificate authority file against which the origin server will be verified. The default value is NULL.
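
The following check is an added example, not part of the HP guide: after editing, it reviews a copy of records.config and reports whether origin server certificates are actually verified against a named CA. It assumes each setting is written as a line of the form CONFIG <variable> <TYPE> <value>; the function name audit_ssl_origin and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide): review the origin-side SSL settings.
# Assumption: settings are lines of the form  CONFIG <variable> <TYPE> <value>

# audit_ssl_origin [FILE]: reads FILE or stdin, prints one finding,
# and returns 1 when the finding is a WARN.
audit_ssl_origin() {
    awk '
    # Remember the value of every proxy.config.ssl.* variable.
    $1 == "CONFIG" && index($2, "proxy.config.ssl.") == 1 { val[$2] = $4 }
    END {
        p = "proxy.config.ssl."
        ca = val[p "client.CA.cert.filename"]
        if (val[p "auth.enabled"] != "1") {
            print "INFO SSL termination is disabled"
            exit 0
        }
        if (val[p "client.verify.server"] != "1") {
            print "WARN origin server certificate is not verified"
            exit 1
        }
        # Verification is on: a CA file left at the NULL default needs review.
        if (ca == "" || ca == "NULL") {
            print "WARN verification is enabled but no CA file is named"
            exit 1
        }
        print "OK origin certificate is verified against " ca
    }' "$@"
}

# Constructed sample input, not taken from a real appliance.
audit_ssl_origin <<'EOF' || true
CONFIG proxy.config.ssl.auth.enabled INT 1
CONFIG proxy.config.ssl.server_port INT 443
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
EOF
```

Run it as audit_ssl_origin records.config against a copy of the file; a WARN line means the origin server certificate is accepted without verification, or that verification has no CA file to check against.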