iTP Secure WebServer System Administrators Guide (Version 7.5+)

Setup for IP CIP Support.....................................................................................................43

Installing the Resource Locator.............................................................................................44

Installation Considerations..................................................................................................44

3 Planning the iTP Secure WebServer PATHMON Environment..........................47

Conventional TCP/IP: The Distributor Process..............................................................................47

TCP/IPv6 and IP CIP:The Auto Accept Feature............................................................................47

Migration Considerations For TCP/IPv6 and IP CIP Support.....................................................48

Configuring the PATHMON Environment....................................................................................49

Threading Considerations for the httpd Server............................................................................49

Security for the Server's Pathway Environment.............................................................................50

Who Can Modify the Configuration Files?............................................................................50

Who Can Start/Stop the iTP Secure WebServer?...................................................................50

What TCP/IP Port Is the Distributor Process Monitoring?..........................................................50

Protecting Transmission of Key Database Files and Core Dumps...............................................52

4 Configuring for Secure Transport................................................................53

Using the Administration Server Securely...................................................................................53

Overview of Server Configuration.............................................................................................54

Keyadmin Utility Configuration............................................................................................54

Server Configuration..........................................................................................................54

Managing Certificates.............................................................................................................55

Formatting Distinguished Names (DNs).................................................................................55

Using the Keyadmin Utility to Manage Keys and Certificates....................................................56

Using Server Certificate Chains With the iTP Secure WebServer..............................................72

Using TLS and SSL Environment Variables in CGI Programs..........................................................75

Controlling Encryption and Integrity Checking............................................................................75

Using Ciphers With the AcceptSecureTransport Directive..............................................................76

Hashing Ciphers Used by iTP Secure WebServer Ciphers............................................................76

Negotiating Selection Among Available Ciphers........................................................................76

Migrating the key database from iTP Secure WebServer 7.0 to 7.2 and later..................................76

Configuring Trusted Client Root Certificate Database...................................................................79

Configuring Support For Certificates with Non-English Characters.................................................79

5 Managing the iTP Secure WebServer Using Scripts.......................................82

The httpd Command...............................................................................................................82

4 Contents