HP sa7120 User Manual
hp e-commerce
server accelerator
sa7100/sa7120
user guide
© Copyright 2001 Hewlett-Packard Company. All rights reserved.
Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304-1185
Publication Number
5971-0894
February 2001
Disclaimer
The information contained in this document is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY
KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not
be liable for errors contained herein or f or incidental or conse quential damages
in connection with the furnishing, performance, or use of this material.
Hewlett-Packard assumes no responsibility for the use or reliability of its
software on equipment that is not furnished by Hewlett-Packard.
Warranty
A copy of the specific warranty terms applicable to your Hewlett-Packard
products and replacement parts can be obtained from
http://www.hp.com/serverappliances/support.
*Other brands and names are the prop erty of their respective owners.
Table of Contents
Chapter 1: Introduction
About this User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Who Should Use this Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How to Use this Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Chapter 2: Installation and Initial Configuration
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Installing the SA7100/SA7120 Free-Standing or in a Rack. . . . . . . . . . . . . . . . . . . . . 6
Rack Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Free-Standing Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Network Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Status Check. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Network and Server LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
C O N T E N T S HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Inline LED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Admin Terminal Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
HyperTerminal* Paste Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Server and Network LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Continuing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Chapter 3: Theory of Operation
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Single Server Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Working with Internet Traffic Management (ITM) Devices . . . . . . . . . . . . . . . . . . . 13
Positioning SA7100/SA7120 between ITM Device and Client Network . . . . . . . 13
Positioning SA7100/SA7120 between ITM Device and Server . . . . . . . . . . . . . . 14
Multiple SA7100/SA7120s and Cascading Processing . . . . . . . . . . . . . . . . . . . . . . . 14
Scalability and Cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Spilling and Throttling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Keys and Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Cutting and Pasting with HyperTerminal* . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Obtaining a Certificate from VeriSign* or Other Certificate Authority . . . . . . . . 17
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Exporting a Key/Certificate from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Apache* Interface to Open SSL* (mod_ssl). . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Apache SSL*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Stronghold*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Importing into the SA7100/SA7120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Creating a new Key/Certificate on the SA7100/SA7120. . . . . . . . . . . . . . . . . . . . 22
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Global Site Certificate Paste Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Redirection: Clients and Unsupported Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Creating a Client CA Certificate using OpenSSL* . . . . . . . . . . . . . . . . . . . . . . . . 28
SSL Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Server Assignment (“Mapping”) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
iv
Table of Contents
Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Automapping with user-specified key and certificate. . . . . . . . . . . . . . . . . . . . 30
Automapping with multiple port combinations . . . . . . . . . . . . . . . . . . . . . . . . 30
Deleting automapping entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Manual mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Combining automapping and manual mapping . . . . . . . . . . . . . . . . . . . . . . . . 31
Blocking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Specific IP, Specific Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Subnet, Specific Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
All IPs, Specific Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Delete a Block. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Failure Conditions, Fail-safe, and Fail-through . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Chapter 4: Scenarios
Scenario 1—Single Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Procedure for Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Manual Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Scenario 2—Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Procedure for Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Scenario 3—Multiple SA7100/SA7120s, Cascaded . . . . . . . . . . . . . . . . . . . . . . . . . 40
Initial Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Procedure for Scenario 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Scenario 4—Different Ingress and Egress Routers . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Procedure for Scenario 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Scenario 5—Configuring a Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
SA7120 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Chapter 5: Command Reference
Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Command Line Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Abbreviation to Uniqueness. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Moving the Insertion Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
v
C O N T E N T S HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Cutting Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Command Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Command Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Help Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Status Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
SSL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Port Mapping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Remote Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Alarms and Monitoring Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Administration Commands
Logging Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Chapter 6: Remote Management
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Remote Management CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Remote Telnet Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Local Serial Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Remote Console, Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Changing the Telnet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Disabling Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Remote SSH Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Local Serial Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Remote Console, SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Changing the SSH Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Disabling SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
HP MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Where to find MIB Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Enterprise Private MIB Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Trap Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Standard SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
vi
Table of Contents
Private Traps in the HP private MIB
(hpssl-appliance-mib.my) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Enabling SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Specifying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Community String. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Trap Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Chapter 7: Alarms and Monitoring
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Alarm Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
ESC: Encryption Status Change Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Alarm Modifiers and Messages: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
RSC: Refused SSL Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
RSC Alarm CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
UTL: Utilization Threshold Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
UTL Alarm CLI commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
OVL: Overload Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
OVL Alarm CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
NLS: Network Link Status Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Alarm Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Example: list logs command: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Example: status command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Example: status alarms command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Monitoring Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Report Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Monitoring Reports CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
vii
C O N T E N T S HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Chapter 8: Software Updates
Before Upgrading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Monitoring output data can interfere with import/export operations.. . . . . . . 126
IP blocks may not persist across software upgrade. . . . . . . . . . . . . . . . . . . . . 126
Using Windows* HyperTerminal*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Chapter 9: Troubleshooting
Appendix A: Front Panel
Buttons and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Appendix B: Failure/Bypass Modes
Bypass Button. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Fail-through Switch (Security Level) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Appendix C: Supported Ciphers
Cipher Strength. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
SSL Version Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Appendix D: Regulatory Information
Taiwan Class A EMI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
VCCI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
FCC Part 15 Compliance Statement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Canada Compliance Statement (Industry Canada). . . . . . . . . . . . . . . . . . . . . . . . . . 147
CE Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
CISPR 22 Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
VCCI Class A (Japan). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Australia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
WARNING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
AVERTISSEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
WARNUNG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
AVVERTENZA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
viii
Table of Contents
ADVERTENCIAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Wichtige Sicherheitshinweise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Appendix E: Software License Agreement
Mozilla* and expat* License Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
MOZILLA PUBLIC LICENSE, Version 1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Support Services
Support for your SA7100/SA7120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
U.S. and Canada. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Europe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Asia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Latin America . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Other Countries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Glossary
Index
ix
C O N T E N T S HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Notes
x
Introduction
Congratulations on your choice of the HP e-Commerce Server
Accelerator SA7100/SA7120. The processing of secure tr ansact ions
through Secure Socket Layer (SSL) can use up to 90% of even the
largest servers’ CPU power and can degrade response time
significantly. The SA7100/SA7120 provides a completely
transparent way to increase the performance of Web sites for SSL
transactions. The SA7100/SA7120 i s positioned in front of t he server
farm, where it intercepts SSL transactions, processes them, and relays
them to the servers. The SA7100/SA7120 performs all encryption
and decryption management i n thi s environment with a minimum of
administrator interaction.
About this User Guide
This User Guide supports the HP e-Commerce Server Accelerator
SA7100 and the HP e-Commerce Server Accelerator SA7120. By
default this text refers to the product as “SA7100/SA7120.” Where
appropriate, the text refers to “SA7100” or “SA7120.” Additionally,
notes in the le ft-hand mar gin may be used to distingu ish the two products. Illustrations of the command prompt use:
“HP SA7120>”.
C H A P T E R 1 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Who Should Use this Book
This User Guide is intended for ad m inistrators with the following
background:
• Familiarity with networking concepts and terminology.
• Basic knowledge of network topologies.
• Basic knowledge of networks and IP routing.
• Some knowledge of SSL, keys, and certificates.
• Knowledge of Web servers.
Before You Begin
SA7100/SA7120 setup can be divided into three basic procedures:
• Physically install single or multiple SA7100/SA7120s with sin-
gle or multiple servers.
• Configure your SA7100/SA7120 in the Command Line Inter-
face.
• Identify existing certificates or obtain new ones you want to use
in SSL operations.
How to Use this Book
The information in this book is organized as follows:
• Chapter 1: Introdu cti on provides an introduction and overview
of the SA7100/SA7120, and a summary of new features.
• Chapter 2: Installation and Initial Configuration contains
installation and initial configuration procedures. (This material is
also discussed in the separate Quick Start Guide.)
• Chapter 3: Theory of Operation explains the general principles
behind SA7100/SA7120 operation.
• Chapter 4: Scenarios provides examples of SA7100/SA7120
configurations, together with specific procedures for their
implementation.
• Chapter 5: Command Reference explains the Command Line
Interface (CLI), and lists the commands and their functions.
2
C H A P T E R 1 How to Use this Book
• Chapter 6: Remote Management detail s how you can use Te lne t,
Secure Shell (SSH), and SNMP to manage the SA7100/SA7120
from remote locations.
• Chapter 7: Alarms and Monitoring explains the ways in which
you can configure the device to report information to you, either
routinely or as a result of abnormal events or conditions.
• Chapter 8: Software Updates provides procedures for obtaining
SA7100/SA7120 system software updates.
• Chapter 9: T roubleshooting is a table containing symptoms of
problems you may encounter with corresponding likely causes
and remedies.
• Appendix A: Front Panel diagrams and explains the SA7100/
SA7120’s front panel LEDs, buttons, and connections.
• Appendix B: Failure/Bypass Mode s explains how the SA7100/
SA7120 deals with failure conditions and details the bypass
function.
• Appendix C: Supported Ciphers lists the supported encryption
ciphers.
• Appendix D: Regulatory Information provides information
regarding the SA7100/SA7120’s compliance with applicable
regulations.
• Appendix E: Software License Agreement contains the software
license and terms and conditions of user of this product.
• Support Services contains customer support telephone numbers
for various locales.
• Glossary defines terms appearing in this User Guide.
3
C H A P T E R 1 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Notes
4
Installation and Initial Configuration
Before You Begin
WARNING: Do not
remove the device’s
cover. There are no userservicable parts inside.
Before you begin installation, you need the following:
• IP address for SA7100/SA7120 (only if you intend to use the
Remote Management).
• IP addresses and IP port numbers of servers.
• Keys/certificates. See Chapter 3 for information on obtaining
keys and certificates.
• Network cables, such as straight-through and/or crossover
cables. (The table in the section “Ne twork Con nect ions ” in this
chapter identifies the types of cables you must use.)
• Phillips screwdriver (rack-mounting only).
• Rack-mounting screws (rack-mounting only).
C H A P T E R 2 HP e-Commerce Server Accelerator SA7100/7120 User Guide
Installing the SA7100/SA7120 Free-Standing or in a Rack
The HP e-Commerce Server Accelerator SA7100/SA7120 is
physically installed in either of two ways:
• In a standard 19” rack, cantilevered from the provided mounting
brackets.
• Free-standing on a flat surface with sufficient space for air-flow.
Rack Installation
Rack mounting requires the use of the mount ing brackets, and all four
of the included Phillip s screws.
1. Locate the two mounting brackets and the four screws. (Two
screws for each bracket.)
2. Attach a mounting bracket to each side of the SA7100/SA7120,
using two of the provided screws for each bracket. Use the holes
near the front of the SA7100/SA7120’s sides. The brackets have
both round and oval holes; the flange with round holes attaches
to the SA7100/SA7120, the flange with oval holes to the rack.
Mounting Bracket Orientation
3. Position the SA7100/SA7120 in the desired space of your 19”
rack and attach the front flange of each mounting bracket to the
rack with two screws each. (Rack-mounting screws are not
provided.)
6
C H A P T E R 2 Installing the SA7100/SA7120 Free-Standing or in a Rack
Free-Standing Installation
Network Connections
NOTE: Use caution
when connecting both of
the SA7100/SA7120’s
network ports to the same
switch, hub, or router.
Doing so creates a
feedback loop that
adversely effects network
bandwidth.
1. Attach the provided self-adhesive rubber feet to the SA7100/
SA7120’s bottom.
2. Place the SA7100/SA7120 on a flat surface and make sure that
there is adequate airflow surrounding the unit (allow at le ast one
inch of air space on all sides).
Use the table below to select and install the approp r ia te cables. (All
cables must be Category 5 UTP or better.)
SA7100/SA7120’s
network
connector
Workstation or Server Crossover cable Straight-through cable
Switch or Hub Straight-through cable Crossover cable
Router Crossover cable Not recommended
SA7100/SA7120
network
connector*
SA7100/SA7120
server
connector*
* Applicable only to multiple, cascaded units.
N/A Straight-through cable
Straight-through cable N/A
SA7100/SA7120’s
server
connector
3. Connect the provided power cable to the bac k of the unit . (Ther e
is no power switch.) Under normal circumstances, the SA7100/
SA7120 requires approximately 30 seconds to boot. When the
boot is complete, the unit’s Power LED is steadily illuminated.
(If the Power LED is not steadily illuminated, see Chapter 9,
“Troubleshooting,” to rectify before proceeding to Step 3.)
4. The Inline LED should be either steadily illuminated or blinking
(to indicate Inline mode). If it is not, press the Bypass switch on
the device’s front panel to enable Inline mode.
7
C H A P T E R 2 HP e-Commerce Server Accelerator SA7100/7120 User Guide
5. At this point both the Network and Server LEDs should be
steadily illuminated. If not, please see Chapter 9,
“Troubleshooting.”
HP e-Commerce Server Accelerators
Hub/Router/Switch
Status Check
Server
Network Connections
Before proceeding to the Admin Terminal Connect ion section, take a
moment to verify that the SA7100/SA7120 is correctly connected.
Network and Server LEDs
Verify that the Network and Server LEDs are both illuminated. If one
or both are not, re fer to the Troubleshooting sec tion at the end of t his
chapter.
Inline LED
A blinking Inline LED indicates that the syst em is online in F ail-safe
mode. Refer to the Troubleshooting secti on at the end o f this c hapter
or Appendix B, “Failure/Bypass Modes.”
8
C H A P T E R 2 Installing the SA7100/SA7120 Free-Standing or in a Rack
Admin Terminal Connection
Power Error Overload Activity
(green) (red) (amber) (green)
Console
Run HyperTerminal* or a similar term inal emulator on your PC . The
steps below are illustrative of HyperTerminal*. Other terminals will
require different procedures.
1. Use the serial cable provided with the SA7100/SA7120 to connect the device’s serial port (the left-hand serial port labeled
“Console”) to the serial port of any termi nal. (A PC running Windows* HyperTerminal* is used here as an example.)
Aux Console
Network Link
(green)
Network Link
(RJ45)
Inline
(green)
Server Link
(green)
Server Link
(RJ45)
Front Panel Connectors and LEDs
2. Type an appropriate name in the Name field of the Connection
Description window (e.g., “Configuration”), and then click the
OK button. The Phone Number panel appears.
HyperTerminal* Paste Operations
3. In the Connect Using… field specify “COM1” (or the serial port
through which the PC is connected to the SA7100/SA7120 if
different from COM1).
4. Click the OK button. The COM1 Properties panel appears. Set
the values displayed here to 9600, 8, none, 1, and none.
5. Click the OK button.
If you’re using HyperTerminal* you must make the following
configuration change:
1. In the File menu, click Properties.
2. Click the Settings tab.
3. Click the ASCII Setup button.
4. Change the values of Line and Character delay from 0 to at least
1 millisecond.
9
C H A P T E R 2 HP e-Commerce Server Accelerator SA7100/7120 User Guide
5. Click OK to exit ASCII Setup.
6. Click OK to exit Connection Properties.
Troubleshooting
Server and Network LEDs
If either the Network or Serv er LED fails to illuminate us ing either
straight-through or crossover network cables, the problem may be
elsewhere in the network. Verify by wiring around the SA7100/
SA7120.
Inline LED
The Fail-through switch allows you to control what happens in the
event of a failure. It is located in a recess between the Network and
Server connectors. Use a small screwdriver or paper clip to
manipulate the swit ch. The two options are:
• Allow traffic to flow through the SA7100/SA7120 unprocessed.
(Fail-through mode, indicated by a steadily illuminated Inline
LED.)
Continuing Configuration
10
• Block traffic flow through the SA7100/SA7120 entirely. (Fail-
safe mode, indicated by a blinking Inline LED.)
Please see Appendix B for a table describing all permutatio ns of LED
operation.
This concludes basic configuration of the SA7100/SA7120. To
configure the unit for production please continue with Chapter 3,
Theory of Operations, or Chapter 4, Scenarios.
Security
Theory of Operation
The HP e-Commerce Server Accelerator SA7100/SA7120 offers
Remote Management capability. This feature require s that the
SA7100/SA7120’s network interface be assign ed an IP address, thus
security becomes a matter for your a ttention. If you i ntend to manage
your SA7100/SA7120 from a remote location, be sure to read the
section, “Access Control” in Chapter 6.
Single Server Accele r ati on
Typically, SA7100/SA7120 supports the SSL processing needs of a
single server. This is the simplest and most common configuration.
The SA7100/SA7120 is connected to the network between the ro uter
and the server.
C H A P T E R 3 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Ideally, the SA7100/ SA7120 is installed in the network in su ch a way
as to minimize network latency.
HP e-Commerce Server Accelerator
SA7100/7120
Router
Single Server
SA7100/SA7120 in Single Server Configuration
Multiple Servers
Given the SSL processing power of the SA7100/SA7120, multiple
servers can be support ed. I n t hi s c onf i gurat i on, the SA7100/SA7120
sits between the router and the switch. SSL traffic intended for these
servers is intercepted and other traffic is passed through.
12
Server 1
Server 2
hub/switchRouter
Server 3
HP e-Commerce Server Accelerator
SA7100/7120
SA7100/SA7120 in Multiple Server Configuration
C H A P T E R 3 Working with Internet Traffic Management (ITM) Devices
Working with Internet Traffic Management (ITM) Devices
The SA7100/SA7120 is compatible with Internet Traffic
Management (ITM) devices. In su ch environm ents, the SA7100/
SA7120 lies between the router and the ITM device, or between the
ITM device and the server. ITM devices distribute workload across
multiple servers and redirect traffic based on content.
Positioning SA7100/ SA7120 between ITM Device and Client Network
Router
Internet
Client
If the ITM device supports layer 7 traffic management, URLs must
be readable (that is, unencrypted). Therfore, in environments
performing layer 7 load balancing, it is recommended that the
SA7100/SA7120 be placed between the ITM device and the client
network.
HP e-Commerce Server Accelerator SA7100/7120
ITM Device
SA7100/SA7120 Between Router and ITM Device
Server 1
Server 2
Server 3
13
C H A P T E R 3 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Positioning SA7100/ SA7120 between ITM Device and Server
Router
Internet
Client
NOTE: The illustrated
configuration precludes
layer 7 load balancing
because secure traffic
through the ITM device is
encrypted.
If security considerations require limited network access to clear text,
the SA7100/SA7120 should be placed between the ITM device and
the server.
ITM Device
HP e-Commerce Server Accelerator
SA7100/SA7120s Between ITM Device and Servers
SA7100/7120s
Servers
Multiple SA7100/SA7120s and Cascading Processing
Scalability and Cascading
14
The SA7100/SA7120’s capabilities are scalable by chaining, or
“cascading,” multiple SA7100/SA7120s together. In such
configurations, each unit’s server side connector is wired to the
network side connector of the next SA7100/ SA7120 i n line . The last
SA7100/SA7120 in line is connected to the server, switch, or ITM
device.
C H A P T E R 3 Multiple SA7100/SA7120s and Cascading Processing
Spilling and Throttling
Hub/Router/Switch
Availability
When the SA7100/SA7120’s “spill” option is enabled, if a given
SA7100/SA7120 cannot p rocess a request with in a specified interval,
the request is passed on, sti ll encrypt ed, t o the next SA7100/ SA7120
in line. The last SA7100/SA7120 on the server side can also be
enabled to spill to the server. Spilling is performed dynamically on a
connection-by-connection basis. (See spill command, Chapter 5,
“Command Reference.”) If spill is disabled, the SA7100/SA7120
“throttles,” that is, will not accept incoming requests when it becomes
overloaded.
HP e-Commerce Server Accelerator SA7100/7120s
Server
Cascaded SA7100/SA7120s
When a SA7100/SA7120 fails or is set to Bypass mode while Failthrough is enabled, the SA7100/SA7120’s network side and server
side network adapters are directly connected, allowing t raffic to pass
through to the next device until the failed unit is brought back into
service. This feature eliminates a single poi nt o f failure and provid es
a high level of availability, should there be a failure. In installations
with multiple SA7100/SA7120s, t he next unit in the casca de picks up
the encryption/decrypti on workload, while in single SA7100/SA7120
configurations, the server assumes the load. See “Failure/Bypass
Modes” in Appendix B for more information.
15
C H A P T E R 3 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Keys and Certificates
WARNING: The
SA7100/SA7120 comes
with default keys and
certific ates for test
purposes. Certificates for
production use should be
obtained from a
recognized certificate
authority.
A necessa ry part of the SA7100/ SA7120 configurat ion is the use of
keys and certificates. A key is a set of numbers used to encrypt or
decrypt data. A certificate is a “form” that identifies a server or user.
The certificate contains information about your company as well as
information from a third party that verifies your identity.
There are three ways to obtain keys and certificates:
• Obtaining a certificate from VeriSign* or other Certificate
Authority (or “CA”)
• Using an existing key/certificate
• Creating a new key/certificate on the SA7100/SA7120
Cutting and Pasting with HyperTerminal*
Cutting and pasting is an in tegral part of the next several pr ocedures.
Below are procedures for cutting and pasting in HyperTerminal*. If
you use some other terminal program, consult that product’s
documentation for appropriate procedures.
To copy an item (key, certificate signing request, etc.) from
HyperTerminal*:
1. Open the HyperTerminal* window.
2. Click and drag to select the item.
16
3. After the item is selected, open the Edit menu and click Copy (or
type <ctrl-c>).
4. Open the window where you will paste the data, and position t he
cursor at the appropriate point.
5. In the Edit menu, click Paste (or type <ctrl-v>).
To paste an item (key, certificate signing request, etc.) into
HyperTerminal*:
1. Display the item in the appropriate appl ication window, then
click and drag to select the item.
2. Once the item is selected, click the Edit menu and select Copy
(or type <ctrl-c>).
C H A P T E R 3 Keys and Certificates
3. Move to the HyperTerminal* window, and position the cursor at
the appropriate point.
4. Pull down the Edit menu, and select Paste to Host (or type
<ctrl-v>).
Obtaining a Certificate from VeriSign* or Other Certificate Authority
Use the create key command to create your key and the create si gn
command to create a signing request t o be sen t to VeriSign* o r ot her
CA for authentication. The CA will return it in approximately one to
five days. After you have recei ved the certificate, use t he import cert
command to import it into the SA7100/SA7120.
The fields input to create a signing request are called collectively a
Distinguished Name (DN). For optimal security, one or more fields
must be modified to make the DN unique.
Procedure
Create a key:
1. Type the create key command at the prompt:
HP SA7120> create key
Key strength (512 /1024) [512]:
New keyID [001]: mywebserver
Keypair was created for keyID: mywebserver
2. Create a Certificate Signing Request:
HP SA7120> create sign mywebserver
You are about to be asked to enter information
that will be incorporated into your
certificate request. The "common name" must be
unique. For other fields, you could use
default values.
Certifying authoriti es have specific guideli nes on how to answer each
of the questions. These guidelines may vary by certifying authority.
Please refer to th e guid eline s of th e cert ifyin g auth ority to who m you
submit your Certificate Signing Request (CSR). Please keep the
following in mind when entering the information that will be
incorporated into your certificate request:
• Country code: This is the two-letter ISO abbreviation for your
country (for example, US for the United States).
• State or Province: This is the name of the state or province
where your organizati on’s head office is located. Please enter the
full name of the state or province. Do not abbreviate.
17
C H A P T E R 3 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
• Locality: This is usually the name of the city where your
organization’s head office is located.
• Organization: This should be the organization that owns the
domain name. The organization name (corporation, limited
partnership, university, or government agency) must be
registered with some authority at the n ational, state, or city level.
Use the legal name under which your organization is registered.
Please do not abbrevia te your or gani zation’s name and do not use
any of the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?.
• Organizat i onal unit: This is n ormally the name of the
department or group that will use the certificate.
• Common name: The common name is the “fully qualified
domain name,” (or FQDN) used for DNS lookups of your server
(for example, www.mysite.com). Browsers use this information
to identify your Web site. Some browsers will refuse to establish
a secure connection with your site if the server name does not
match the common name in the certificate. Please do not include
the protocol specifier “http://” or any port numbers or pat h names
in the common name. Do not u se wildcard characters su ch as * or
?, and do not use an IP address.
18
• E-mail address: This should be the e-mail address of the
administrator responsible for the certificate.
3. Export the Certificate Signing Request (CSR).
In this example, xmod em i s used t o send the CSR to a PC c onnected
to the console port.
HP SA7120> export sign mywebserver
Export protocol : (xmodem, ascii) [ascii]:x
<Enter>
Use Ctrl-x to kill transmission
Beginning export...
Export successful!
HP SA7120>
To submit the CSR to a certifying authority, paste it into the field
provided in the authority’s online request form. Remember to include
the “-----BEGIN CERTIFICATE REQUEST-----” and “-----END
CERTIFICATE REQUES T-----” lines.
Typically, the CSR will look something like this:
-----BEGIN CERT IFICATE REQUEST----MIIBnDCCAQUACQAwXjELMAkGA1UEBhMCQ0ExEDOABgNVBAgT
B09udGFayW8xEDAOBgNVBAcTB01vbnRyYWwxDDAKBgNVBAoT
C H A P T E R 3 Keys and Certificates
A0tGQzEdMBsGA1UEAxMUd3d3Lmlsb3ZlY2hpY2tlbi5jb20w
gZ0wDQYJKoZIhvcNAQEBBQADgYsAMIGHAoGBALmJA2FLSGJ9
iCF8uwfPW2AKkyyKoe9aHnnwLLw8WWjhl[ww9pLietwX3bp6
Do87mwV3jrgQ1OIwarj9iKMLT6cSdeZ0OTNn7vvJaNv1iCBW
GNypQv3kVMMzzjEtOl2uGl8VOyeE7jImYj4HlMa+R168AmXT
82ubDR2ivqQwl7AgEDoAAwDQYJKoZIhvcNAQEEBQADgYEAn8
BTcPg4OwohGIMU2m39FVvh0M86ZBkANQCEHxMzzrnydXnvRM
KPSE208x3Bgh5cGBC47YghGZzdvxYJAT1vbkfCSBVR9GBxef
6ytkuJ9YnK84Q8x+pS2bEBDnw0D2MwdOSF1sBb1bcFfkmbpj
N2N+hqrrvA0mcNpAgk8nU=
-----END CERTIF ICATE REQUEST-----
4. When the CA returns th e certificate, import it into the SA7100/
SA7120. Use the impor t cert command, with the KeyID. As
with the import key, choose an import protocol for importing the
key . Use p for paste. After the paste is finished, add three periods
to display the command line.
HP SA7120> import cert mywebserver
keyid is mywebser ver;
Import protocol: (paste, xmodem) [paste]:
<Enter>
Type or paste in date, end with ... alone on line
-----BEGIN CERT IFICATE----MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQHEwVQ
b3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug
.
.
.
-----END CERTIF ICATE----- <Enter>
... <Enter>
Import successful!
HP SA7120>
5. Create mapping for Server 1. Use the create map command to
specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP (0.0.0.0): 10.1.1.30
SSL (network) port [443]: <Enter>
Cleartext (server) port [80]: <Enter>
KeyID to use for mappi ng: mywebserver
6. Save the configuration when the server has been mapped.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>
19
C H A P T E R 3 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
Using an Existing Key/Certificate
Exporting a Key/Certificate from a Server
NOTE: Currently there
is no published method
for extracting private
keys from Microsoft* IIS
or Netscape* servers.
This method is used when it is important that the existing keys and
certificates are used.
Consult your server software documentat ion for detailed inst ructions
on how to export keys and certificates. Once you have exported the
keys and certificates, use the import key and import cert commands
to paste the keys and certificates into your SA7100/SA7120. Some
general instructions are provided bel ow for the Apache* Web Server.
Apache* Interface to Open SSL* (mod_ssl)
For key:
1. Look in $APACHEROOT/conf/httpd.conf for location of *.key
file.
2. Copy and paste the key file.
For certificate:
1. Look in $APACHEROOT/conf/httpd.conf for location of *.crt
file (certificate).
2. Copy and paste the certificate file.
20
Apache SSL*
For key:
1. Look in $APACHESSLROOT/conf/httpd.conf for location of
*.key file.
2. Copy and paste the key file.
For certificate:
1. Look in $APACHESSLROOT/conf/httpd.conf for location of
*.cert file.
2. Copy and paste the certificate file.
Loading...