[<server>]

The DNS host name or IP address of the InterSystems IRIS application server.

The TCP port number at which the superserver for this InterSystems IRIS instance is listening for incoming Web Gateway connections.

If specified, identifies the InterSystems IRIS application server as a mirror primary, accessing mirrored databases. Specify a value of 1 to enable.

The minimum number of process-affinitive connections that the Web Gateway should make to this InterSystems IRIS application server before beginning to share the connections among clients. The default value is 3.

The maximum number of connections that the Web Gateway is allowed to make to this InterSystems IRIS application server. By default this is unspecified, and inherits the value of MAX_CONNECTIONS for the Web Gateway.

The maximum number of connections to this InterSystems IRIS application server which can be used concurrently by an individual session. The default value is 3.

A numeric value indicating how you have chosen to secure the connection between the Web Gateway and this InterSystems IRIS application server. Allowed values are:

• 0 — Password

• 1 — Kerberos

• 2 — Kerberos with Packet Integrity

• 3 — Kerberos with Encryption

• 4 — SSL/TLS

The username the Web Gateway must use to authenticate its connection to the InterSystems IRIS server.

The password which the Web Gateway must use to authenticate its connection to the InterSystems IRIS application server.

Alternatively, on UNIX®/Linux/macOS systems, this parameter can specify an operating system command within braces ({}). For example: Password={sh /tmp/PWretrieve.sh}. The Web Gateway executes the command when the command is saved as part of a server access profile within the Web Gateway management pages or when the RELOAD=1 flag is found in the CSP.ini file’s [SYSTEM] section. The output of the command is then stored as the password for the application server within memory.

The value of this parameter is stored as a hash value within the CSP.ini file.

A numeric value indicating what InterSystems product the application server is associated with (InterSystems IRIS). Allowed values are:

• 0 — InterSystems Caché®

• 1 — InterSystems Ensemble®

• 2 — InterSystems IRIS, InterSystems IRIS for Health, or HealthShare® products

The service principal name which identifies this InterSystems IRIS server within your implementation of Kerberos-based authentication for Web Gateway connections.

The location of the keytab file, if you are using Kerberos-based authentication.

A numeric value indicating the minimum SSL/TLS protocol version the Web Gateway and the InterSystems IRIS application server can use to secure their connection. Allowed values are:

• 4 — TLSv1.0

• 8 — TLSv1.1

• 16 — TLSv1.2

• 32 — TLSv1.3 (where supported)

When TLSv1.3 is supported, the default value is 16. Otherwise, the default value is 8.

A numeric value indicating the maximum SSL/TLS protocol version the Web Gateway and the InterSystems IRIS application server can use to secure their connection. Allowed values are:

• 4 — TLSv1.0

• 8 — TLSv1.1

• 16 — TLSv1.2

• 32 — TLSv1.3 (where supported)

When TLSv1.3 is supported, the default value is 32. Otherwise, the default value is 16.

If specified, requires peer certificate verification for the InterSystems IRIS application server. Specify a value of 1 to enable.

Specifies the accepted cipher suites when the connection is secured with TLSv1.2 or below. The default value is ALL:!aNULL:!eNULL:!EXP:!SSLv2.

Specifies the accepted cipher suites when the connection is secured with TLSv1.3. The default value is TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256.

The full path to the SSL/TLS certificate file for the Web Gateway. Supported file formats for certificate files are the same as those supported for InterSystems IRIS TLS Configurations.

The full path to the private key associated with the Web Gateway’s SSL/TLS certificate. Supported file formats for certificate files are the same as those supported for InterSystems IRIS TLS Configurations.

A numeric value indicating the cryptographic algorithm to which the key corresponds. Allowed values are:

• 1 — DSA

• 2 — RSA

If specified, the password required to access the Web Gateway’s private key file.

Alternatively, on UNIX®/Linux/macOS systems, this parameter can specify an operating system command within braces. For example: SSLCC_Private_Key_Password={sh /tmp/tlsPWretrieve.sh}. The Web Gateway executes the command when it is saved as part of a server access profile within the Web Gateway management pages or when the RELOAD=1 flag is present in the CSP.ini file’s [SYSTEM] section. The output of the command is then stored as the private key password within memory.

This password is stored as a hash value within the CSP.ini file.

The full path to the certificate for Certificate Authority (CA) for the Web Gateway’s certificate. Supported file formats for certificate files are the same as those supported for InterSystems IRIS TLS Configurations.