Global site certificates, Overview – HP e-Commerce Server Accelerator sa7120 User Manual

C H A P T E R 3

Keys and Certificates

23

Enter the information for the certificate, as prompted:

•

Country

•

State

•

Locality

•

Organization

•

Organization unit

•

Common name (for example, www.myserver.com)

•

E-mail address

3. Create a server mapping. Use the create map command to

specify the server IP address, ports, and keyID.

HP SA7120> create map

Server IP (0.0.0.0): 10.1.1.30

SSL (network) port [443]: <Enter>

Cleartext (server) port [80]: <Enter>

KeyID to use for mapping: mywebserver

4. Save the configuration when the server has been mapped.

HP SA7120> config save

Saving configuration to flash...

Configuration saved to flash

HP SA7120>

Global Site
Certificates

Overview

NOTE: The SA7100/
SA7120 supports only one
root CA certificate per
mapping. However,
multiple intermediate CA
certificates per single
mapping are supported.

Four types of certificates are involved in the following discussion:

•

Root Certificate. The certificate of a trusted CA such as
VeriSign.*

•

Server Certificate. Loaded on the server. Can be either self-
generated or received from a CA such as VeriSign*. Interacts
with requesting browser’s root certificate to establish encryption
level.

•

Global Site Certificate. An extended server certificate. Allows
128-bit encryption for export-restricted browsers.

•

Intermediate certificate authority (CA) Certificate. A certificate
“signed,” that is, authenticated, by a recognized CA such as
VeriSign*, and used to validate a global site certificate. Called an
“intermediate CA certificate” in the following discussion.