Global site certificates, Overview – HP e-CommerceXML Accelerator sa7150 User Manual

Page 51

CHAPTER 3

SSL Operations

3. Create a server mapping. Use the create map command to specify the server IP address, ports, and keyID.

HP SA7150> create map

Server IP (0.0.0.0): 10.1.1.30

SSL (network) port [443]:

Cleartext (server) port [80]:

KeyID to use for mapping: mywebserver

4. Save the configuration when the server has been mapped.

HP SA7150> config save

Saving configuration to flash...

Configuration saved to flash

HP SA7150>

Global Site Certificates

Overview

Four types of certificates are involved in the following discussion:

Root Certificate. The certificate of a trusted Certificate Authority
(CA) such as VeriSign*.

Server Certificate. Loaded on the server. Can be either self-
generated or received from a certificate authority such as
VeriSign*. Interacts with requesting browser’s root certificate to
establish encryption level.

Global Site Certificate. An extended server certificate. Allows
128-bit encryption for export-restricted browsers.

Intermediate CA certificate. A certificate “signed,” that is,
authenticated, by a recognized CA such as VeriSign*, and used to
validate a global site certificate. Called an “intermediate CA
certificate” in the following discussion.

Export versions of Internet Explorer* and Netscape* Communicator
use 40-bit encryption to initiate connections to SSL servers. Upon
receiving a client request, the server responds by sending a digital
certificate. If this certificate is a conventional server certificate (that
is, not a global site certificate), browser and server complete the SSL
handshake and use a 40-bit key to encrypt application data. If the
server responds to a requesting browser with a global site certificate,
the client automatically renegotiates the connection to use 128-bit
encryption.

A global site certificate is validated by an accompanying intermediate
CA certificate. (Such pairs are called “chained certificates.”)
Examples of intermediate CA certificates include Microsoft SGC
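
The chained-certificate relationship described above, as an added example that is not from the HP manual: it uses the OpenSSL command line (an assumption; the SA7150 has its own commands) to build a constructed root, intermediate CA and server certificate carrying the SGC extended key usages, then checks that the server certificate validates only when the intermediate accompanies it. All subject names are placeholders.

```shell
#!/bin/sh
# Added example: every key and certificate is constructed locally in a temp dir.

# $1 = file stem, $2 = subject CN (placeholder names); writes $d/<stem>.key and .csr
mkcsr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$1.key" \
    -out "$d/$1.csr" -subj "/CN=$2" >/dev/null 2>&1
}
# $1 = stem to sign, $2 = extension section, remaining args = signer options
sign() {
  stem=$1; sect=$2; shift 2
  openssl x509 -req -in "$d/$stem.csr" -out "$d/$stem.pem" -days 2 \
    -extfile "$d/ext.cnf" -extensions "$sect" "$@" >/dev/null 2>&1
}
# Build root CA -> intermediate CA -> server certificate; print the directory.
build_chain() {
  d=$(mktemp -d) || return 1
  cat > "$d/ext.cnf" <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth,msSGC,nsSGC
EOF
  mkcsr root "Example Root CA" && sign root ca -signkey "$d/root.key" &&
  mkcsr inter "Example Intermediate CA" &&
  sign inter ca -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial &&
  mkcsr leaf "www.example.test" &&
  sign leaf leaf -CA "$d/inter.pem" -CAkey "$d/inter.key" -CAcreateserial &&
  echo "$d"
}
# $1 = directory, $2 = "with" to supply the intermediate as an untrusted helper cert
verify_leaf() {
  if [ "$2" = with ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}
# True when the certificate lists a Server Gated Crypto extended key usage.
has_sgc_eku() { openssl x509 -in "$1" -noout -text | grep -q "Server Gated Crypto"; }

DEMO=$(build_chain) || { echo "openssl not available or failed" >&2; exit 1; }
verify_leaf "$DEMO" without && echo "leaf alone: OK" || echo "leaf alone: rejected"
verify_leaf "$DEMO" with && echo "leaf + intermediate: OK" || echo "leaf + intermediate: rejected"
rm -rf "$DEMO"
```

A client that trusts only the root cannot build a path to the server certificate unless the server also presents the intermediate, which is why the two are installed as a pair.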