Sun Java System Calendar Server 6 2005Q4 Administration Guide

SSL Configuration

The following table shows the ics.conf SSL configuration parameters with each parameter's default value and description. Most of the SSL parameters can keep their default values, but two of them, service.http.ssl.usessl and service.http.ssl.port.enable, must be changed from the system default to the SSL value. Verify that your ics.conf parameters have the appropriate values:

Table E–6 Configuration Parameters for SSL

| Parameter | Default Value | Description |
|---|---|---|
| encryption.rsa.nssslactivation | "on" | Enables the RSA Cypher Encryption Family Services for SSL. |
| encryption.rsa.nsssltoken | "internal" | Specifies the location of the RSA Cypher Encryption Family token. |
| encryption.rsa.nssslpersonalityssl | "SampleSSLServerCert" | Specifies the certificate name for the RSA Cypher Encryption Family. |
| service.http.tmpdir | "/var/opt/SUNWis5/tmp" | Specifies a temp directory. |
| service.http.uidir.path | "html" | Specifies directory where the UI files are found. |
| service.http.ssl.cachedir | "." | Specifies the physical path location for the SSL cache. |
| service.http.ssl.cachesize | "10000" | Specifies the maximum size of the SSL cache database. |
| service.http.ssl.usessl | "no" | For SSL configuration, change this value to "yes". Specifies whether the cshttpd process should use the SSL subsystem. |
| service.http.ssl.port.enable | "no" | For SSL configuration, change this value to "yes". Note: This does not disable the HTTP process from listening to its port. There is no way to actually disable HTTP, but you can assign it to another port that is non-functional. Do not set service.http.enable="no". That would disable the HTTPS process also. |
| service.http.ssl.port | "443" | Specifies the SSL port number where the cshttpd process listens for HTTPS requests from Calendar Server users. Do not set this to the same default port used by HTTP ("80"). |
| service.http.ssl.securesession | "yes" | Specifies whether to encrypt the entire session. |
| service.http.ssl.certdb.path | "alias" | Specifies the physical path location of the SSL Certificate Database. |
| service.http.ssl.certdb.password | "password" | Specifies the SSL Certificate Database access password. |
| service.http.ssl.sourceurl | "https://localhost:443" | Specifies the SSL host name and port number for the originating source URL. |
| service.http.ssl.ssl2.ciphers | "" | Specifies ciphers for SSL2. |
| service.http.ssl.ssl2.sessiontimeout | "0" | Specifies the session timeout for SSL2. |
| service.http.ssl.ssl3.ciphers | "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha" | Specifies a list of supported or valid SSL ciphers. |
| service.http.ssl.ssl3.sessiontimeout | "0" | Specifies the timeout value for the SSL session. |
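The verification step the table asks for can be scripted. The following is an added example, not part of the original guide or of Calendar Server: it assumes ics.conf lines have the form name = "value" with "!" starting a comment line, that the last duplicate of a parameter wins, and that service.http.port defaults to "80"; the function names are hypothetical. The default-password check and the check for the 40-bit and single-DES entries in the default cipher list go beyond the rules the table states.

```python
import re

# Defaults from Table E-6; the service.http.port and service.http.enable defaults are assumed.
DEFAULTS = {
    "service.http.ssl.usessl": "no",
    "service.http.ssl.port.enable": "no",
    "service.http.ssl.port": "443",
    "service.http.ssl.certdb.password": "password",
    "service.http.ssl.ssl3.ciphers":
        "rsa_rc4_40_md5,rsa_rc2_40_md5,rsa_des_sha,rsa_rc4_128_md5,rsa_3des_sha",
    "service.http.port": "80",
    "service.http.enable": "yes",
}
# The 40-bit export suites and single DES from the default cipher list.
WEAK_CIPHERS = {"rsa_rc4_40_md5", "rsa_rc2_40_md5", "rsa_des_sha"}
LINE = re.compile(r'^\s*([\w.]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_ics_conf(text):
    """Return {parameter: value}; '!' comment lines never match, last duplicate wins."""
    matches = (LINE.match(raw) for raw in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def audit_ssl(text):
    """Return a list of findings for the SSL settings the table calls out."""
    cfg = {**DEFAULTS, **parse_ics_conf(text)}
    findings = [f'{k} is "{cfg[k]}"; set it to "yes" for SSL'
                for k in ("service.http.ssl.usessl", "service.http.ssl.port.enable")
                if cfg[k].lower() != "yes"]
    if cfg["service.http.enable"].lower() == "no":
        findings.append('service.http.enable is "no"; this also disables HTTPS')
    if cfg["service.http.ssl.port"] == cfg["service.http.port"]:
        findings.append("service.http.ssl.port equals the HTTP port")
    if cfg["service.http.ssl.certdb.password"] == "password":
        findings.append("service.http.ssl.certdb.password is still the default")
    weak = WEAK_CIPHERS & {c.strip() for c in cfg["service.http.ssl.ssl3.ciphers"].split(",")}
    if weak:
        findings.append("weak ssl3 ciphers enabled: " + ", ".join(sorted(weak)))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = '''
! SSL settings
service.http.ssl.usessl = "yes"
service.http.ssl.port.enable = "no"
service.http.ssl.port = "80"
service.http.ssl.ssl3.ciphers = "rsa_rc4_128_md5,rsa_3des_sha"
'''

if __name__ == "__main__":
    print("\n".join(audit_ssl(SAMPLE)))
```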