Global site certificate paste procedure – HP e-Commerce Server Accelerator sa7120 User Manual
Page 34
C H A P T E R 3 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
24
Export versions of Internet Explorer* and Netscape* Communicator
use 40-bit encryption to initiate connections to SSL servers. Upon
receiving a client request, the server responds by sending a digital
certificate. If this certificate is a conventional server certificate (that
is, not a global site certificate), browser and server complete the SSL
handshake and use a 40-bit key to encrypt application data. If the
server responds to a requesting browser with a global site certificate,
the client automatically renegotiates the connection to use 128-bit
encryption.
A global site certificate is validated by an accompanying intermediate
CA certificate. (Such pairs are called “chained certificates.”)
Examples of intermediate CA certificates include Microsoft SGC
Root* and VeriSign Class 3*. When a requesting browser receives a
global site certificate along with an intermediate CA certificate, the
browser’s root certificate is used to validate the intermediate CA
certificate, which in turn is used to validate the global site certificate,
thus letting the browser know that it can renegotiate the connection to
use 128-bit encryption.
Global Site Certificate Paste Procedure
If you wish to use a global site certificate, you must import both the
global site certificate and its accompanying intermediate CA
certificate. Both certificates must be chained together in a single file.
Use the
import cert
command to import either single or chained
certificates. In the latter case, paste the server’s global site certificate
first, followed by the intermediate CA certificate. Follow the
intermediate CA certificate by typing three periods on a new line.
Example:
HP SA7120> import cert <keyID>
Import protocol: (paste, xmodem) [paste]:
Type or paste in data, end with ... alone on line
NOTE: There must be no
white space before,
between, or after
certificates, and the
“Begin...” headers and
“End...” trailers must all
be retained.
-----BEGIN CERTIFICATE-----
MIIFZTCCBM6gAwIBAgIQCTN2wvQH2CK+rgZKcTrNBzANBgkq
hkiG9w0BAQQFADCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1
c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4x
MzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
:
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlz
aWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBW
ZXJpU2lnbjAeFw05
OTExMTEwMDAwMDBaFw0wMDExMTAyMzU5NTlaMIHHMQswCQYD