The file must be a PEM file that contains an RSA or DSA key or certificate. If no certificate/key is specified, the web and chat server will agree on a 'temporary' self-signed key and certificate.
Example:
/as general ssl certfile cert.pem
Sets a file containing the certificate chain (in PEM format) associated with the SSL certificate you are using. This is needed when your server certificate is signed by an intermediate CA.
Example:
/as general ssl chainfile key.pem
This will disable SSL connections for the server.
Example:
/as general ssl disable
This will enable SSL connections for the server.
Example:
/as general ssl enable
The file must be a PEM file that contains an RSA or DSA key or certificate. If no certificate/key is specified, the web and chat server will agree on a 'temporary' self-signed key and certificate.
Example:
/as general ssl keyfile key.pem
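Added example (not part of the original documentation and not the server's own code): a Python pre-flight check that reads the PEM block labels in a file before it is passed to certfile, keyfile or chainfile, so that a key file handed to chainfile by mistake is caught before the server loads it. The function names, the acceptance of the PKCS#8 "PRIVATE KEY" label, and the rule that a chain file should hold certificates only are assumptions of this example; the sample blocks are constructed placeholders.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Assumption: PKCS#8 "PRIVATE KEY" is accepted besides the RSA/DSA labels.
KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "PRIVATE KEY"}

def pem_labels(text):
    """Return the label of every PEM block whose body is valid base64."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        # Skip "Name: value" header lines found in legacy encrypted keys.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            if base64.b64decode(b64, validate=True):
                labels.append(label)
        except ValueError:  # binascii.Error: bad characters or padding
            pass
    return labels

def check_role(role, text):
    """Check PEM text for role 'certfile', 'keyfile' or 'chainfile'."""
    labels = pem_labels(text)
    has_cert = "CERTIFICATE" in labels
    has_key = any(l in KEY_LABELS for l in labels)
    problems = []
    if not labels:
        problems.append("no valid PEM block found")
    if role in ("certfile", "chainfile") and not has_cert:
        problems.append("no CERTIFICATE block")
    if role == "keyfile" and not has_key:
        problems.append("no private key block")
    if role == "chainfile" and has_key:  # assumption: chain holds certs only
        problems.append("private key block in chain file")
    return problems

def sample_block(label, payload=b"\x30\x03\x02\x01\x00"):
    """Constructed placeholder block, not a real key or certificate."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    for role, label in [("certfile", "CERTIFICATE"),
                        ("keyfile", "RSA PRIVATE KEY"),
                        ("chainfile", "RSA PRIVATE KEY")]:
        print(role, check_role(role, sample_block(label)) or "ok")
```

An empty result means the file carries the expected block types; it does not show that the private key matches the certificate or that the chain verifies.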
This specifies the SSL port for the server. The server may be bound to a particular IP. However, the same port may not be used both for secure and insecure connections, even if it's bound to different IPs. The default secure port is 994. UNIX customers not running with root privileges must change this.
Examples:
/as general ssl port 8001
/as general ssl port 8001:127.0.0.1
This command enables or disables automatic updating of the server's table of denied destinations. The default is to enable automatic updating.
Example:
/as general ssl update on
For reasons of national security, certain countries are denied access to encryption technology. The server maintains a table of such denied destinations and infrequently checks for updates to that list. If the server is behind a firewall or not on the Internet, it may be desirable to disable these automatic updates.
By default, SSLv2 support is disabled. You can set this to 'enable' to allow it, but you really shouldn't, because having SSLv2 support enabled creates a security risk, even to clients that support SSLv3 and TLSv1.
Example:
/as general ssl v2 enable
A man-in-the-middle can proxy an SSL connection and change the 'maximum version supported' field to 2, forcing the two sides to negotiate SSLv2 even though they both support SSLv3. The attacker can then launch any of a number of known attacks against SSLv2 that are fixed in SSLv3.