Global Site Certificates; Overview - HP P4518A - Traffic Management Server Sa7150 User Manual

Hp e-commerce/xml server accelerator sa7150 - user guide

Hide thumbs Also See for P4518A - Traffic Management Server Sa7150:

Release notes (4 pages)

Warranty and support information (12 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

Table of Contents

C H A P T E R 3

Global Site

Certificates

SSL Operations

3. Create a server mapping. Use the create map command to

specify the server IP address, ports, and keyID.

HP SA7150> create map

Server IP (0.0.0.0): 10.1.1.30

SSL (network) port [443]:

Cleartext (server) port [80]:

KeyID to use for mapping: mywebserver

4. Save the configuration when the server has been mapped.

HP SA7150> config save

Saving configuration to flash...

Configuration saved to flash

HP SA7150>

Overview

Four types of certificates are involved in the following discussion:

Root Certificate. The certificate of a trusted Certificate Authority

•

(CA) such as VeriSign*.

•

Server Certificate. Loaded on the server. Can be either self-

generated or received from a certificate authority such as

VeriSign*. Interacts with requesting browser's root certificate to

establish encryption level.

•

Global Site Certificate. An extended server certificate. Allows

128-bit encryption for export-restricted browsers.

•

Intermediate CA certificate. A certificate "signed," that is,

authenticated, by a recognized CA such as VeriSign*, and used to

validate a global site certificate. Called an "intermediate CA

certificate" in the following discussion.

Export versions of Internet Explorer* and Netscape* Communicator

use 40-bit encryption to initiate connections to SSL servers. Upon

receiving a client request, the server responds by sending a digital

certificate. If this certificate is a conventional server certificate (that

is, not a global site certificate), browser and server complete the SSL

handshake and use a 40-bit key to encrypt application data. If the

server responds to a requesting browser with a global site certificate,

the client automatically renegotiates the connection to use 128-bit

encryption.

A global site certificate is validated by an accompanying intermediate

CA certificate. (Such pairs are called "chained certificates.")

Examples of intermediate CA certificates include Microsoft SGC

Table of Contents

This manual is also suitable for:

Sa7150

Global Site Certificates; Overview - HP P4518A - Traffic Management Server Sa7150 User Manual

Overview

Related Manuals for HP P4518A - Traffic Management Server Sa7150

Related Content for HP P4518A - Traffic Management Server Sa7150

This manual is also suitable for:

Table of Contents