Skip to main content

[<server>]

Describes the server access profile with the name <server>. The CSP.ini file contains one [<server>] section for each server access profile defined within the Web Gateway configuration.

Details

Each InterSystems IRIS application server to which the Web Gateway connects corresponds to a server access profile. The CSP.ini file maintains each server access profile as a section of the CSP.ini file. Each server access profile section begins with the header line [<server>], where <server> represents the name of the server access profile. For example, the section corresponding to a server access profile named irisserver1 would begin with the line [irisserver1].

In addition to the parameters described in this page, you can also specify values for the following parameters, which would override any defaults specified in the [SYSTEM] section:

Available Parameters

Ip_Address

The DNS host name or IP address of the InterSystems IRIS application server.

TCP_Port

The TCP port number at which the superserver for this InterSystems IRIS instance is listening for incoming Web Gateway connections.

Mirror_Aware

If specified, identifies the InterSystems IRIS application server as a mirror primary, accessing mirrored databases. Specify a value of 1 to enable.

Minimum_Server_Connections

The minimum number of process-affinitive connections that the Web Gateway should make to this InterSystems IRIS application server before beginning to share the connections among clients. The default value is 3.

Maximum_Server_Connections

The maximum number of connections that the Web Gateway is allowed to make to this InterSystems IRIS application server. By default this is unspecified, and inherits the value of MAX_CONNECTIONS for the Web Gateway.

Maximum_Session_Connections

The maximum number of connections to this InterSystems IRIS application server which can be used concurrently by an individual session. The default value is 3.

Connection_Security_Level

A numeric value indicating how you have chosen to secure the connection between the Web Gateway and this InterSystems IRIS application server. Allowed values are:

  • 0 — Password

  • 1Kerberos

  • 2 — Kerberos with Packet Integrity

  • 3 — Kerberos with Encryption

  • 4SSL/TLS

Username

The username the Web Gateway must use to authenticate its connection to the InterSystems IRIS server.

Password

The password which the Web Gateway must use to authenticate its connection to the InterSystems IRIS application server.

Alternatively, on UNIX®/Linux/macOS systems, this parameter can specify an operating system command within braces ({}). For example: Password={sh /tmp/PWretrieve.sh}. The Web Gateway executes the command when the command is saved as part of a server access profile within the Web Gateway management pages or when the RELOAD=1 flag is found in the CSP.ini file’s [SYSTEM] section. The output of the command is then stored as the password for the application server within memory.

The value of this parameter is stored as a hash value within the CSP.ini file.

Product

A numeric value indicating what InterSystems product the application server is associated with (InterSystems IRIS). Allowed values are:

  • 0 — InterSystems Caché®

  • 1 — InterSystems Ensemble®

  • 2 — InterSystems IRIS, InterSystems IRIS for Health, or HealthShare® products

Service_Principal_Name

The service principal name which identifies this InterSystems IRIS server within your implementation of Kerberos-based authentication for Web Gateway connections.

Keytable

The location of the keytab file, if you are using Kerberos-based authentication.

SSLCC_Protocol_Min

A numeric value indicating the minimum SSL/TLS protocol version the Web Gateway and the InterSystems IRIS application server can use to secure their connection. Allowed values are:

  • 4 — TLSv1.0

  • 8 — TLSv1.1

  • 16 — TLSv1.2

  • 32 — TLSv1.3 (where supported)

When TLSv1.3 is supported, the default value is 16. Otherwise, the default value is 8.

SSLCC_Protocol_Max

A numeric value indicating the maximum SSL/TLS protocol version the Web Gateway and the InterSystems IRIS application server can use to secure their connection. Allowed values are:

  • 4 — TLSv1.0

  • 8 — TLSv1.1

  • 16 — TLSv1.2

  • 32 — TLSv1.3 (where supported)

When TLSv1.3 is supported, the default value is 32. Otherwise, the default value is 16.

SSLCC_Verify_Peer

If specified, requires peer certificate verification for the InterSystems IRIS application server. Specify a value of 1 to enable.

SSLCC_Cipher_Suites

Specifies the accepted cipher suites when the connection is secured with TLSv1.2 or below. The default value is ALL:!aNULL:!eNULL:!EXP:!SSLv2.

SSLCC_Cipher_Suites_1_3

Specifies the accepted cipher suites when the connection is secured with TLSv1.3. The default value is TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256.

SSLCC_Certificate_File

The full path to the SSL/TLS certificate file for the Web Gateway. Supported file formats for certificate files are the same as those supported for InterSystems IRIS TLS Configurations.

SSLCC_Certificate_Key_File

The full path to the private key associated with the Web Gateway’s SSL/TLS certificate. Supported file formats for certificate files are the same as those supported for InterSystems IRIS TLS Configurations.

SSLCC_Key_Type

A numeric value indicating the cryptographic algorithm to which the key corresponds. Allowed values are:

  • 1 — DSA

  • 2 — RSA

SSLCC_Private_Key_Password

If specified, the password required to access the Web Gateway’s private key file.

Alternatively, on UNIX®/Linux/macOS systems, this parameter can specify an operating system command within braces. For example: SSLCC_Private_Key_Password={sh /tmp/tlsPWretrieve.sh}. The Web Gateway executes the command when it is saved as part of a server access profile within the Web Gateway management pages or when the RELOAD=1 flag is present in the CSP.ini file’s [SYSTEM] section. The output of the command is then stored as the private key password within memory.

This password is stored as a hash value within the CSP.ini file.

SSLCC_CA_Certificate_File

The full path to the certificate for Certificate Authority (CA) for the Web Gateway’s certificate. Supported file formats for certificate files are the same as those supported for InterSystems IRIS TLS Configurations.

FeedbackOpens in a new tab