iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

100

If you want global session key caching, the SK_GlobalCache directive (that is the GlobalCache

variable), must be set to ON to enable the configuration of the server. If individual httpd server

process session key caching is desired, which is the default, set the variable to OFF, or omit it.

The value of MAXSERVERS must always be set to 1. This is a single process serverclass. The value

of MAXLINKS and LINKDEPTH must both always be set to the value of the httpd server's

MAXSERVERS value. For example:

Server $root/bin/httpd { Server $root/bin/gcache {

... Maxservers 1

Maxservers 50 ---> Maxlinks 50

... Linkdepth 50

} ...

}

The configuration directives SK_CacheSize and SK_CacheExpiration, which are set by

defining the variables CacheSize and CacheExpiration, are optional. The default value for

SK_CacheSize is 1000, and for SK_CacheExpiration is 3600 (1 hour).

NOTE: If individual httpd server process session key caching is used, each process will create

it's own cache with SK_CacheSize entries. However, if global session key caching is used, that

single process server will create a single cache also with SK_CacheSize entries. Take this into

consideration when determining the value for SK_CacheSize.

Use the new directive SK_GlobalCacheTimeout to alter the default Pathsend timeout value

of 1/2 second (50/100 second). This timeout determines how long the httpd server will wait for

a response from the global cache server before a timeout error occurs.

To enable tracing you must define the env variable TRACEFILE. All communication from and to

the httpd server is logged. You can set this option only if problems arise.Table 8 (page 98) shows

global caching enabled.

Table 8 Sample httpd.stl.config File

#VERSION=7.2

# httpd.stl.config

# Configure the required Secure Transport information

KeyDatabase $root/conf/test_key.db

ServerPassword WebServer

AcceptSecureTransport -transport /G/ZTC0 -port 443 -cert

{CN=Test Key, OU=Testing Only, O=Tandem Computers,Inc.,

ST=California,C=US}

Region /*/ssl-sample-dir {

RequireSecureTransport

# Optional Global Session Key Cache server configuration

set GlobalCache OFF

#set CacheSize 1000

#set CacheExpiration 3600

if { [string match "ON" $GlobalCache] } {

SK_GlobalCache $GlobalCache

# SK_GlobalCacheTimeout 50

Server $root/bin/gcache {

eval $DefaultServerAttributes

Maxservers 1

Maxlinks 50

Linkdepth 50

Numstatic 1

# Env TRACEFILE=$root/logs/gctrace.log

Env ERRORFILE=$root/logs/gcerror.log

if {[info exists CacheSize]} {

Env SK_CacheSize=$CacheSize

}

if {[info exists CacheExpiration]} {

Env SK_CacheExpiration=$CacheExpiration

98 Configuring the iTP Secure WebServer