3.4.2 Details on the settings in the HTTP server definition file (httpsd.conf)
This subsection describes the details on the format of settings and the items to be set in the HTTP server definition file (httpsd.conf).
(1) File storage folder
The following shows the folder storing the httpsd.conf file.
- In Windows:
  JP1/AJS3-for-Cloud-Service-Applications-installation-folder\uCPSB\httpsd\conf
- In Linux:
  /opt/jp1ajs3csa/uCPSB/httpsd/conf
(2) File-editing procedure
The following describes the procedure for editing the httpsd.conf file. If you are operating in a cluster environment, follow the edit procedure to set the same definitions for the secondary node as those set for the primary node.
(a) In Windows:
- Stop the JP1/AJS3 CSA HTTP Server service.
- Back up the httpsd.conf file, and store the backup file in any folder.
- Open the httpsd.conf file by using a text editor.
- Modify the definitions to be changed.
- Save the httpsd.conf file by using UTF-8 encoding.
- Start the JP1/AJS3 CSA HTTP Server service.
(b) In Linux:
- Stop the JP1/AJS3 CSA HTTP Server service by running the following command:
  /etc/opt/jp1ajs3csa/jajs_csa_stop -t http
- Back up the httpsd.conf file, and store the backup file in any directory.
- Open the httpsd.conf file by using a text editor such as vi.
- Modify the definitions to be changed.
- Save the httpsd.conf file.
- Start the JP1/AJS3 CSA HTTP Server service by running the following command:
  /etc/opt/jp1ajs3csa/jajs_csa -t http
(3) When the setting takes effect
When the JP1/AJS3 CSA HTTP Server service starts
(4) Format
The following shows the format of settings in the httpsd.conf file:
(Omitted)
ServerRoot "/opt/jp1ajs3csa/uCPSB/httpsd"
ServerName host-name-of-JP1/AJS3-for-Cloud-Service-Applications
DocumentRoot "/opt/jp1ajs3csa/uCPSB/httpsd/htdocs"
(Omitted)
ProxyPass /ajscsa/ http://localhost:port-number-to-be-used-for-the-communication-between-HTTP-and-J2EE-servers/ajscsa/ timeout=3600 connectiontimeout=30 nocanon
ProxyPassReverse /ajscsa/ http://localhost:port-number-to-be-used-for-the-communication-between-HTTP-and-J2EE-servers/ajscsa/
(Omitted)
Listen port-number-for-the-reception-of-connection-requests-from-client
#Listen [::]:port-number-for-the-reception-of-connection-requests-from-client
#Listen port-number-for-the-reception-of-connection-requests-from-client-during-SSL-communication
#Listen [::]:port-number-for-the-reception-of-connection-requests-from-web-browser-during-SSL-communication
#<VirtualHost *:port-number-for-the-reception-of-connection-requests-from-client-during-SSL-communication>
# ServerName host-name-of-JP1/AJS3-for-Cloud-Service-Applications
# SSLEngine On
# SSLCertificateFile "JP1/AJS3-for-Cloud-Service-Applications-installation-folder/uCPSB/httpsd/conf/ssl/server/name-of-server-certification-file"
# SSLCertificateKeyFile "JP1/AJS3-for-Cloud-Service-Applications-installation-folder/uCPSB/httpsd/conf/ssl/server/name-of-private-key-file"
# AllowEncodedSlashes On
# SSLProtocol version-of-TLS-used-for-SSL-communication
# SSLCipherSuite TLSv1.3 list-of-cipher-types-available-with-TLSv1.3
# SSLCipherSuite list-of-cipher-types-available-with-TLSv1.2
#</VirtualHost>
Note that lines beginning with a hash mark (#) are comment lines.
(5) Setting items
The following describes the items to be set.
(a) Host name of JP1/AJS3 for Cloud Service Applications server
The host name of a JP1/AJS3 for Cloud Service Applications server is set automatically.
If you have changed the host name of the JP1/AJS3 for Cloud Service Applications server, change this setting manually.
(b) Port number to be used for communication between HTTP and J2EE servers
Specify the port number of the port to be used for the communication between the HTTP and J2EE servers on the JP1/AJS3 for Cloud Service Applications server. The default is 22267.
When you want to change the port number from the default, change the port number so that it is appropriate to the environment. Make sure that the value set for the ProxyPass and ProxyPassReverse entries is the same as the value set for the webserver.connector.nio_http.port entry in the user properties file for J2EE server (usrconf.properties). For details, see 3.4.3 User property file for J2EE server (usrconf.properties).
(c) Port number for the reception of connection requests from client
When not using SSL communication, specify the port number of the port at which the JP1/AJS3 for Cloud Service Applications server receives connection requests from the client. The default is 22265.
If you have changed the port number for the reception of connection requests from the web browser, change the port number setting.
(d) Port number for the reception of connection requests from client during SSL communication
When using SSL encryption for communication between the JP1/AJS3 for Cloud Service Applications server and a client, specify the port number of the port at which the JP1/AJS3 for Cloud Service Applications server receives connection requests from the client. The default is 22266.
To enable SSL communication, delete the hash mark (#) at the beginning of the definition line. If you have changed the port number for the reception of SSL communication from the web browser from the default setting, change the port number setting.
For details, see 3.3.2 Setting up the SSL communication environment.
(e) Name of server certification file
When using SSL encryption for communication between the JP1/AJS3 for Cloud Service Applications server and client, specify the name of the server certification file obtained from the CA. The default is httpsd.pem.
To enable SSL communication, delete the hash mark (#) at the beginning of the definition line, and then change the default setting to the name of the server certification file.
For details, see 3.3.2 Setting up the SSL communication environment.
(f) Name of private key file
When using SSL encryption for communication between the JP1/AJS3 for Cloud Service Applications server and client, specify the name of the private key file. The default is httpsdkey.pem.
To enable SSL communication, delete the hash mark (#) at the beginning of the definition line, and then change the default setting to the name of the private key file.
For details, see 3.3.2 Setting up the SSL communication environment.
(g) Version of TLS used for SSL communication
Specify +TLSv1.2 or +TLSv1.3 as the version of the TLS protocol used for SSL communication. Only the specified version of the TLS protocol is enabled for SSL communication. You can also specify multiple versions in a space-separated list format.
- Example:
  In the following examples, Δ indicates a halfwidth space.
  - To enable only TLSv1.2, specify the following:
    SSLProtocolΔ+TLSv1.2
  - To enable only TLSv1.3, specify the following:
    SSLProtocolΔ+TLSv1.3
  - To enable TLSv1.2 and TLSv1.3, specify the following:
    SSLProtocolΔ+TLSv1.2Δ+TLSv1.3
The default is +TLSv1.2.
To enable SSL communication, delete the hash mark (#) at the beginning of the definition line, and then edit the entry according to the TLS protocol versions to be used.
(h) List of cipher types available with TLSv1.3
Specify a list of cipher types available with TLSv1.3 in the following format:
SSLCipherSuite TLSv1.3 cipher-type-1:cipher-type-2:cipher-type-3...
You can specify the following values:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
By default, all specifiable values are specified.
To enable SSL communication, always delete the hash mark (#) at the beginning of the definition line even if you do not use TLSv1.3. If you use TLSv1.3, edit the entry according to the cipher types to be used.
(i) List of cipher types available with TLSv1.2
Specify a list of cipher types available with TLSv1.2 in the following format:
SSLCipherSuite cipher-type-1:cipher-type-2:cipher-type-3...
You can specify the following values:
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES256-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
By default, all specifiable values are specified.
To enable SSL communication, always delete the hash mark (#) at the beginning of the definition line even if you do not use TLSv1.2. If you use TLSv1.2, edit the entry according to the cipher types to be used.
(6) Note
If a setting is invalid, the JP1/AJS3 CSA HTTP Server service cannot start.
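Because an invalid setting keeps the service from starting, the following added example (not part of the product or its manual) checks an edited httpsd.conf against the rules in (5) before the restart: matching ProxyPass and ProxyPassReverse ports, the SSL lines that must be uncommented together, and values limited to those listed above. The function name, message strings, and sample configuration are constructed for illustration.

```python
import re
# Values the page lists as specifiable for each directive.
TLS13 = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}
TLS12 = {"AES128-GCM-SHA256", "AES256-GCM-SHA384"} | {
    f"ECDHE-{auth}-AES{tail}" for auth in ("RSA", "ECDSA")
    for tail in ("128-SHA256", "256-SHA384", "128-GCM-SHA256", "256-GCM-SHA384")}
PROTOCOLS = {"+TLSv1.2", "+TLSv1.3"}

def check_httpsd_conf(text):
    """Return problems found in the active (uncommented) directives."""
    active = [l.split() for l in text.splitlines()
              if l.strip() and not l.strip().startswith("#")]
    problems = []
    # (5)(b): both proxy directives must name the same J2EE server port.
    ports = {t[0]: re.findall(r"localhost:(\d+)/", t[2])
             for t in active if t[0].startswith("ProxyPass") and len(t) > 2}
    if ports.get("ProxyPass") != ports.get("ProxyPassReverse"):
        problems.append("ProxyPass/ProxyPassReverse port mismatch")
    if not any(t[:2] == ["SSLEngine", "On"] for t in active):
        return problems  # SSL block still commented out; nothing more to check
    for need in ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLProtocol"):
        if not any(t[0] == need for t in active):
            problems.append(f"{need} is missing or still commented out")
    problems += [f"{p} is not a specifiable protocol" for t in active
                 if t[0] == "SSLProtocol" for p in t[1:] if p not in PROTOCOLS]
    # (5)(h)(i): both SSLCipherSuite lines are required, whichever version is used.
    suites = {}
    for t in active:
        if t[0] == "SSLCipherSuite" and len(t) > 1:
            suites["TLSv1.3" if t[1] == "TLSv1.3" else "TLSv1.2"] = t[-1].split(":")
    for version, allowed in (("TLSv1.3", TLS13), ("TLSv1.2", TLS12)):
        if version not in suites:
            problems.append(f"SSLCipherSuite for {version} is missing or still commented out")
        problems += [f"{c} is not a specifiable {version} cipher"
                     for c in suites.get(version, []) if c not in allowed]
    return problems

# Constructed sample: SSL enabled, but the TLSv1.3 cipher line was left commented out.
SAMPLE = """\
ProxyPass /ajscsa/ http://localhost:22267/ajscsa/ timeout=3600 connectiontimeout=30 nocanon
ProxyPassReverse /ajscsa/ http://localhost:22267/ajscsa/
<VirtualHost *:22266>
  SSLEngine On
  SSLCertificateFile "conf/ssl/server/httpsd.pem"
  SSLCertificateKeyFile "conf/ssl/server/httpsdkey.pem"
  SSLProtocol +TLSv1.2
#  SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
  SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
</VirtualHost>"""
```

To check the edited file, pass its contents to check_httpsd_conf(); an empty list means none of these checks failed, not that the server will accept every directive.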