Use this page to view or edit settings for the Administration Server's HTTP listener. The HTTP listener controls connections between the Administration Server and administration clients using the Administration interface or the command-line interface. You also enable security for connections on the HTTP listener using Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
The HTTP listener settings for the Administration Server are the same as those for a regular server. However, only a restricted set of users access the Administration Server, so you should configure the settings to be as secure as possible.
The following settings are recommended:

- SSL/TLS selected
- SSL2 selected
- SSL3 selected
- TLS enabled with rsa_rc4_128_md5 and rsa_3des_sha only (other ciphers not selected).

The following table describes the fields and buttons on the page. The left column lists the fields and buttons; the right column describes the functionality.

| Field or Button | Description |
|---|---|
| Id | The name of the HTTP listener. |
| IP Address | The IP address of the HTTP listener. Can be in dotted-pair or IPv6 notation. Can also be 0.0.0.0, any, ANY, or INADDR_ANY (all IP addresses). |
| Port | The port number to create the HTTP listener on. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges. |
| Return Server Name | Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn't affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias. If you append a colon and port number, that port will be used in URLs the server sends to the client. |
| Default Virtual Server | The default virtual server for the HTTP listener. The list contains all available virtual servers in the Administration Server. |
| Listener Enabled | Indicates whether or not the listener is enabled and ready to accept connections. |
| SSL/TLS Enabled | Determines whether security is enabled. |
| Certificate Nickname | Determines the name of an installed certificate to use for this listener. You must have previously installed a certificate to see its nickname in this list. |
| SSL2 Enabled | Determines whether SSL2 is enabled. For administrative purposes, deselecting SSL2 and using TLS only is recommended. |
| SSL2 Ciphers | Determines which SSL2 cipher suites are selected (provided SSL2 is selected). |
| SSL3 Enabled | Determines whether SSL3 is enabled. For administrative purposes, deselecting SSL3 and using TLS only is recommended. If your browser does not support TLS, then select SSL3. |
| TLS Enabled | Determines whether TLS is enabled. |
| TLS Rollback Enabled | Determines whether TLS rollback is enabled. |
| SSL3/TLS Ciphers | Determines whether SSL3/TLS ciphers are enabled. For administrative purposes, limiting access to the 128 bit cipher suites is recommended. |
| Client Authentication Enabled | Determines whether client authentication is required on this listener. Client authentication is the process of authenticating client certificates by cryptographically verifying the certificate signature and the certificate chain leading to the CA on the trust CA list. Before enabling this option, be sure to install certificates allowing yourself access. |
| Family | The socket family type. Legal values are inet, inet6, and nca. Use the value inet6 for IPv6 listeners. If this value is inet6, IPv4 addresses are prefixed with ::ffff: in the server log. Specify nca to make use of the Solaris Network Cache and Accelerator. |
| Blocking Enabled | Determines whether the listener and the accepted socket are put into blocking mode. For the Administration Server, you should not enable blocking. |
| Acceptor Threads | Number of acceptor threads for the listener. For the Administration Server, you should not change the default value of 1. |
| Save | Saves your changes. |
| Reset | Resets the values on the page to the default values. |
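
The field rules in the table can be checked mechanically before saving a listener. The following is an added example, not part of the product or its documentation: the dictionary keys, the `audit_listener` name and the sample values are assumptions made for illustration, and the SSL2/SSL3 checks follow the per-field descriptions in the table ("using TLS only is recommended").

```python
import ipaddress

# Legal and recommended values as stated on this page.
WILDCARDS = {"0.0.0.0", "any", "ANY", "INADDR_ANY"}
FAMILIES = {"inet", "inet6", "nca"}
RECOMMENDED_CIPHERS = {"rsa_rc4_128_md5", "rsa_3des_sha"}

def audit_listener(cfg):
    """Return findings for one listener. The dict keys are hypothetical names."""
    findings = []
    ip, port, family = cfg["ip_address"], cfg["port"], cfg["family"]
    addr = None
    if ip not in WILDCARDS:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"IP Address {ip!r} is neither an address nor a wildcard")
    if not 1 <= port <= 65535:
        findings.append(f"Port {port} is outside 1 - 65535")
    if family not in FAMILIES:
        findings.append(f"Family {family!r} is not inet, inet6 or nca")
    elif addr is not None and addr.version == 6 and family != "inet6":
        findings.append("IPv6 address configured but Family is not inet6")
    if not cfg["ssl_tls_enabled"]:
        findings.append("SSL/TLS is not enabled")
    else:
        if cfg["ssl2_enabled"]:
            findings.append("SSL2 is enabled; TLS only is recommended")
        if cfg["ssl3_enabled"]:
            findings.append("SSL3 is enabled; TLS only is recommended")
        if not cfg["tls_enabled"]:
            findings.append("TLS is not enabled")
        extra = sorted(set(cfg["ciphers"]) - RECOMMENDED_CIPHERS)
        if extra:
            findings.append("Ciphers outside the recommended set: " + ", ".join(extra))
    if cfg["blocking_enabled"]:
        findings.append("Blocking is enabled")
    if cfg["acceptor_threads"] != 1:
        findings.append("Acceptor Threads changed from the default of 1")
    return findings

# Constructed sample settings, not taken from a real server.
SAMPLE = {"ip_address": "::1", "port": 4849, "family": "inet",
          "ssl_tls_enabled": True, "ssl2_enabled": True, "ssl3_enabled": False,
          "tls_enabled": True, "ciphers": ["rsa_rc4_128_md5", "rsa_rc4_40_md5"],
          "blocking_enabled": False, "acceptor_threads": 4}

if __name__ == "__main__":
    for finding in audit_listener(SAMPLE):
        print("-", finding)
```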