E.2.10 Calendar Server SSL Configuration Parameters (Sun Java System Calendar Server 6.3 Administration Guide)

Sun Java System Calendar Server 6.3 Administration Guide

E.2.10 Calendar Server SSL Configuration Parameters

The following table shows the ics.conf SSL Configuration parameters with each parameter’s default value and description. While most of the SSL parameters take the default values, two of the parameters require you to change the value from the system default to the SSL value, as follows:

service.http.ssl.usessl="yes"
service.http.ssl.port.enable="yes"

The table that follow shows the ics.conf parameters and their default settings. Verify that your ics.conf parameters have the appropriate values:

Table E–9 Configuration Parameters for SSL


Parameter	Default Value	Description
`encryption.rsa.` `nssslactivation`	`"on"`	Enables the RSA Cypher Encryption Family Services for SSL.
`encryption.rsa.` `nsssltoken`	`"internal"`	Specifies the location of the RSA Cypher Encryption Family token.
`encryption.rsa.` `nssslpersonalityssl`	`"SampleSSLServerCert`"	Specifies the certificate name for the RSA Cypher Encryption Family.
`service.http.tmpdir`	`/var/opt/SUNWis5/tmp` doma	Specifies a temp directory.
`service.http.uidir.` `path`	`"html"`	Specifies directory where the UI files are found.
`service.http.ssl.` `cachedir`	`"."`	Specifies the physical path location for the SSL cache.
`service.http.ssl.` `cachesize`	`"10000"`	Specifies the maximum size of the SSL cache database.
`service.http.ssl.` `usessl`	`"no"`	For SSL configuration, change this value to `"yes"`. Specifies whether the `cshttpd` process should use the SSL subsystem.
`service.http.ssl.` `port.enable`	`"no"`	For SSL configuration, change this value to “yes”. Note – This does not disable the HTTP process from listening to its port. There is no way to actually disable HTTP, but you can assign it to another port that is non-functional. Do not set `service.http.enable="no"`. That would disable the HTTPS process also.
`service.http.ssl.` `port`	`"443"`	Specifies the SSL port number where the `cshttpd` process listens for HTTPS requests from Calendar Server users. Do not set this to the same default port used by HTTP (`"80"`).
`service.http.ssl.` `securesession`	`"yes"`	Specifies whether to encrypt the entire session.
`local.ssldbpath`	"/etc/opt/SUNWics5/config"	Specifies the physical path location of the SSL Certificate Database.
`service.http.ssl.certdb.password` — This parameter was removed from the `ics.conf` file. It was replaced by a configuration file.	`sslpassword.com`	`sslpassword.conf` is a text file that contains the certificate database password. This file is used by the `certutil` utility but not by Calendar Server. Create `sslpassword.conf` in the following directory: `/etc/opt/SUNWics5/config`
`service.http.ssl.` `sourceurl`	`"https://localhost:443"`	Specifies the SSL host name and port number for the originating source URL.
`service.http.ssl.` `ssl2.ciphers`	`""`	Specifies ciphers for SSL2.
`service.http.ssl.` `ssl2.sessiontimeout`	`"0"`	Specifies the session timeout for SSL2.
`service.http.ssl.` `ssl3.ciphers`	"rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_des_sha, rsa_rc4_128_md5, rsa_3des_sha"	Specifies a list of supported or valid SSL ciphers.
`service.http.ssl.` `ssl3.sessiontimeout`	`"0"`	Specifies the timeout value for the SSL session.