Help - SSL Settings

Connection:/SSL/
Setting Explanation Default /
Example Data
Type Access
R,W,A,D
SessionCacheSize This setting specifies the number of SSL server sessions to cache. A cached session provides for a very much faster client connection, because subsequent connections bypass the time-consuming part of the initial cryptographic handshake between the client and the server. 1024 Integer R,W
SessionTimeout This setting specifies how many seconds a cached session is kept. It is not recommended that this be longer than a day (86400 seconds) for security reasons as well as cache size reasons.
PowerWeb flushes its session cache every time you shut it down for a "complete restart", but it preserves the session cache across "quick restarts". This is to ensure that no cryptographically sensitive information is stored on your file system.
3600 Integer R,W
AuthenticateClient If you select "Yes", then the server will request an authentication certificate from the client and will check it for validity. This will only occur with SSL Version 3 or later connections.
If you select "No", then the server will NOT request an authentication certificate from the client, unless the client accesses a Resource that specifically requires Client Authentication. This is a "lazy" authentication approach, which is suitable when only some portions of your site need to be protected by Client Certificates.
If the client does not have a certificate, or its certificate is not acceptable, then the connection is still allowed, subject to any access control rules for the Resource that is being accessed. If the SSL Resource Authentication settings require client authentication, then a client with an invalid certificate will be denied access.
Only clients presenting a cryptographically correct certificate and whose certificate authority is listed within the SSLClientCA setting will be accepted.
No Integer R,W
SSLClientCA Allows you to specify a Certificate Authority whose certificates you will accept as valid when clients access this server. If a client presents a certificate signed by another Certificate Authority, that client will be denied access.
To accept a certificate signed by any of the Certificate Authorities listed in your Certificate List, leave this setting empty.
You can also limit the Certificate Authority to accept on a per-resource basis. This means you can keep the bulk of your site open while restricting certain resources more tightly.
Text R,W
ClientCacheSize This setting specifies the number of SSL client sessions to cache when PowerWeb acts as an SSL client instead of as a server. PowerWeb acts as a client when running the #fetch WebMacro. 128 Integer R,W
DefaultCertificate If you have a server with a single IP address, you can specify the certificate to present here.
You can choose any certificate from your Certificate List so long as the Certificate Common Name matches the host name of your server.
The default setting is "license", which is the certificate that you obtain when licensing your secure server.
License Text R,W
CertificateMap This is a list of Server Certificates to use for each IP address of your server. If this list is empty, or if an IP address is not listed there, the DefaultCertificate setting is used to choose a certificate. . List R,W

Connection:/SSL/
Setting	Explanation	Default / Example	Data Type	Access R,W,A,D
SessionCacheSize	This setting specifies the number of SSL server sessions to cache. A cached session provides for a very much faster client connection, because subsequent connections bypass the time-consuming part of the initial cryptographic handshake between the client and the server.	1024	Integer	R,W
SessionTimeout	This setting specifies how many seconds a cached session is kept. It is not recommended that this be longer than a day (86400 seconds) for security reasons as well as cache size reasons. PowerWeb flushes its session cache every time you shut it down for a "complete restart", but it preserves the session cache across "quick restarts". This is to ensure that no cryptographically sensitive information is stored on your file system.	3600	Integer	R,W
AuthenticateClient	If you select "Yes", then the server will request an authentication certificate from the client and will check it for validity. This will only occur with SSL Version 3 or later connections. If you select "No", then the server will NOT request an authentication certificate from the client, unless the client accesses a Resource that specifically requires Client Authentication. This is a "lazy" authentication approach, which is suitable when only some portions of your site need to be protected by Client Certificates. If the client does not have a certificate, or its certificate is not acceptable, then the connection is still allowed, subject to any access control rules for the Resource that is being accessed. If the SSL Resource Authentication settings require client authentication, then a client with an invalid certificate will be denied access. Only clients presenting a cryptographically correct certificate and whose certificate authority is listed within the SSLClientCA setting will be accepted.	No	Integer	R,W
SSLClientCA	Allows you to specify a Certificate Authority whose certificates you will accept as valid when clients access this server. If a client presents a certificate signed by another Certificate Authority, that client will be denied access. To accept a certificate signed by any of the Certificate Authorities listed in your Certificate List, leave this setting empty. You can also limit the Certificate Authority to accept on a per-resource basis. This means you can keep the bulk of your site open while restricting certain resources more tightly.		Text	R,W
ClientCacheSize	This setting specifies the number of SSL client sessions to cache when PowerWeb acts as an SSL client instead of as a server. PowerWeb acts as a client when running the #fetch WebMacro.	128	Integer	R,W
DefaultCertificate	If you have a server with a single IP address, you can specify the certificate to present here. You can choose any certificate from your Certificate List so long as the Certificate Common Name matches the host name of your server. The default setting is "license", which is the certificate that you obtain when licensing your secure server.	License	Text	R,W
CertificateMap	This is a list of Server Certificates to use for each IP address of your server. If this list is empty, or if an IP address is not listed there, the DefaultCertificate setting is used to choose a certificate.	.	List	R,W