friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpssl.htm

94 lines
6.1 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security considerations for using SSL with HTTP server" />
<meta name="abstract" content="IBM HTTP Server can provide secure Web connections to your system." />
<meta name="description" content="IBM HTTP Server can provide secure Web connections to your system." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpsetupsecurity.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpssl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security considerations for using SSL with HTTP server</title>
</head>
<body id="tcpssl"><a name="tcpssl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security considerations for using SSL with HTTP server</h1>
<div><p>IBM<sup>®</sup> HTTP
Server can provide secure Web connections to your system.</p>
<div class="p"> A secure web site means that transmissions between the client and the
server (in both directions) are encrypted. These encrypted transmissions are
safe both from the scrutiny of sniffers and from those who attempt either
to capture or to alter the transmissions.<div class="note"><span class="notetitle">Note:</span> Keep in mind that a secure
Web site applies strictly to the security of the information that passes between
client and server. The intent of this is not to reduce your servers vulnerability
to hackers. However, it certainly limits the information that a would-be hacker
can obtain easily through sniffing.</div>
</div>
<p>The topics on SSL and Webserving (HTTP) in the information center provides
complete information for installing, configuring, and managing the encryption
process. These topics provide both an overview of the server features and
some considerations for using the server. </p>
<div class="p">Internet Connection Server provides HTTP and HTTPS support when one of
the following licensed programs is installed:<ul><li>5722NC1</li>
</ul>
When these options are installed, the product is referred to as the Internet
Connection Secure Server.</div>
<div class="p">Security that depends on encryption has several requirements:<ul><li>Both the sender and receiver (server and client) must understand the encryption
mechanism and be able to perform encryption and decryption. The HTTP server
requires an SSL-enabled client. (Most popular Web browsers are SSL-enabled.)
The iSeries™ encryption
licensed programs support several industry-standard encryption methods. When
a client attempts to establish a secure session, the server and client negotiate
to find the most secure encryption method that both of them support.</li>
<li>The transmission must not be able to be decrypted by an eavesdropper.
Thus, encryption methods require both parties to have an encryption/decryption
private key that only they know. If you want to have a secure external Web
site, you should use an independent certificate authority (CA) to create and
issue digital certificates to users and servers. The certificate authority
is known as a trusted party.</li>
</ul>
Encryption protects the confidentiality of transmitted information. However,
for sensitive information, such as financial information, you want integrity
and authenticity in addition to confidentiality. The client and
(optionally) the server must trust the party on the other end (through an
independent reference) and they must be sure that the transmission has not
been altered. The digital signature that is provided by a certification authority
(CA) provides these assurances of authenticity and integrity. The SSL protocol
provides authentication by verifying the digital signature of the servers
certificate (and optionally the clients certificate). </div>
<p>Encryption and decryption require processing time and will affect the performance
of your transmissions. Therefore, iSeries servers provide the capability
to run both the programs for secure and insecure serving at the same time.
You can use the insecure HTTP server to serve documents that do not require
security, such as your product catalog. These documents will have a URL that
starts with http://. You can use a secure HTTP server for sensitive information
such as the form where the customer enters credit card information. The program
can serve documents whose URL starts either with http:// or with https://.</p>
<p><strong>Reminder:</strong> It is good Internet etiquette to inform your clients when
transmissions are secure and not secure, particularly when your Web site only
uses a secure server for some documents.</p>
<p>Keep in mind that encryption requires both a secure client and a secure
server. Secure browsers (HTTP clients) have become fairly common.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpsetupsecurity.htm" title="The following information guides you through the process of setting up TCP/IP security.">Set up TCP/IP security</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink