SSL processing, Server assignment (“mapping”) – HP e-Commerce Server Accelerator sa7120 User Manual


CHAPTER 3

SSL Processing


3. Sign the client certificate signing request with the client CA certificate:

openssl x509 -req -CAcreateserial -CAkey ca_key.pem -CA ca_cert.pem -days 365 -in csr.pem -out cert.pem

4. Combine the key.pem and cert.pem keys into one file by typing this command:

cat key.pem cert.pem > all.pem

5. Convert to p12 format by typing this command:

openssl pkcs12 -export -in all.pem -out <file>.p12 -name "MY NAME"

The output file <file>.p12 will be imported into the browser as a
personal certificate.
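
Steps 3 to 5 run end to end with the checks a practitioner would add, as an added example that is not part of the HP manual. The CA, client key and CSR generation, the subject names, the client.p12 file name and passing the passphrase through the P12_PASS environment variable are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example (not from the HP manual): steps 3-5 with verification checks.
# Assumed, not on this page: CA and client key/CSR generation, subject
# names, the output name client.p12 and the P12_PASS passphrase variable.

make_client_p12() (
    # $1 = working directory, $2 = export passphrase for the .p12 file
    dir=$1; P12_PASS=$2; export P12_PASS
    umask 077                      # key material readable by owner only
    cd "$dir" || exit 1

    # Assumed earlier steps: throwaway client CA, client key and CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Client CA" \
        -keyout ca_key.pem -out ca_cert.pem 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=MY NAME" \
        -keyout key.pem -out csr.pem 2>/dev/null || exit 1

    # Step 3: sign the CSR with the client CA.
    openssl x509 -req -CAcreateserial -CAkey ca_key.pem -CA ca_cert.pem \
        -days 365 -in csr.pem -out cert.pem 2>/dev/null || exit 1

    # Check: the certificate chains to the CA and matches the private key.
    openssl verify -CAfile ca_cert.pem cert.pem >/dev/null || exit 1
    cert_pub=$(openssl x509 -in cert.pem -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in key.pem -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; exit 1; }

    # Step 4: combine key and certificate.
    cat key.pem cert.pem > all.pem || exit 1

    # Step 5: export to PKCS#12, passphrase read from the environment.
    openssl pkcs12 -export -in all.pem -out client.p12 -name "MY NAME" \
        -passout env:P12_PASS || exit 1

    # Check: the bundle opens with the passphrase (MAC verifies).
    openssl pkcs12 -in client.p12 -passin env:P12_PASS -noout \
        2>/dev/null || exit 1

    # all.pem holds the unencrypted private key; remove it after export.
    rm -f all.pem
)

# Run only when a directory and a passphrase are given on the command line.
if [ "$#" -ge 2 ]; then make_client_p12 "$1" "$2"; fi
```

The explicit `|| exit 1` after each command is deliberate: `set -e` is ignored inside a function called from an `||` or `if` context, so a failed signing or verification step would otherwise go unnoticed.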

SSL Processing

The SA7100/SA7120 handles several SSL protocols, for example,
HTTPS (which is the default). For security purposes, you can block
access to specified IPs or ports (see “Blocking” section). Traffic that
is not mapped or blocked flows through transparently. Supported
protocols are listed below. (Ports listed are “well-known” port
assignments. Any available port may be used.)

HTTPS 443 (default)

IMAPS 993

POP3S 995

SMTPS 465

NNTPS 563

LDAPS 636

Server Assignment (“Mapping”)

Keypairs and their associated certificates are referenced by a keyID.
A server is identified by a unique combination of server IP and
network port. Mapping is the process of associating a keyID with a
server (using server IP, network port, and server port). The
SA7100/SA7120 supports two types of mapping:

Automapping

Manual mapping
