The SSL kernel proxy can improve the speed of SSL packet processing on an Oracle iPlanet Web Server. This procedure implements the simple scenario that is illustrated in Kernel-Encrypted Web Server Communications.
Before You Begin
You have installed and configured an Oracle iPlanet Web Server. The server can be downloaded from Oracle iPlanet Web Server (https://www.oracle.com/middleware/technologies/webtier.html). For instructions, see Oracle iPLANET WEB SERVER 7.0.27 (https://docs.oracle.com/cd/E18958_01/index.htm).
You must become an administrator who is assigned the Network Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
Use the administrator web interface to stop the server. For instructions, see Oracle iPLANET WEB SERVER 7.0.27 (https://docs.oracle.com/cd/E18958_01/index.htm).
See the ksslcfg(1M) man page for the full list of options. For the list of parameters that you must supply, see Step 3 in How to Configure an Apache 2.2 Web Server to Use the SSL Kernel Proxy.
Specify the SSL proxy port and associated parameters by using one of the following formats:
# ksslcfg create -f key-format -i key-and-certificate-file \ -p password-file -x proxy-port ssl-port
# ksslcfg create -f pkcs11 -T PKCS11-token -C certificate-label \ -p password-file -x proxy-port ssl-port
# svcs svc:/network/ssl/proxy STATE STIME FMRI online 02:22:22 svc:/network/ssl/proxy:default
For instructions, see Oracle iPLANET WEB SERVER 7.0.27 (https://docs.oracle.com/cd/E18958_01/index.htm).
The web server service can start only after the SSL kernel proxy instance is started. The following commands establish that dependency, assuming the FMRI of the web server service is svc:/network/http:webserver7:
# svccfg -s svc:/network/http:webserver7 svc:/network/http:webserver7> addpg kssl dependency ...webserver7> setprop kssl/entities = fmri:svc:/network/ssl/proxy:kssl-INADDR_ANY-443 ...webserver7> setprop kssl/grouping = astring: require_all ...webserver7> setprop kssl/restart_on = astring: refresh ...webserver7> setprop kssl/type = astring: service ...webserver7> end
# svcadm enable svc:/network/http:webserver7