The following messages are displayed in situations where a fatal error occurred. NSSL will abend because it can not recover from that error.
Fatal Error: could not listen on port <port number>, error <error number >
Error condition which is caused either by another application listening on same port or by configuring the NSSL with a PORT param less then 1024 while not starting the NSSL under the SUPER user logon. The NSSL terminates.
Fatal Error: AWAITIOX file <filename> (filenum <filenumber>) completed with error <error number>
A nowaited operation on file identified by filename completed with a filesystem error. Watch for other message which come along with this one in order to decide whether and what action has to be taken.
Fatal Error: fatal error in proxy server, OnAccept: Accept failed
Internal error condition. Receiving a connection failed. Watch for other message which come along with this one in order to decide whether and what action has to be taken.
Fatal Error: HTTP fatal accept error in HTTP server
Internal error condition. Receiving a connection failed. Watch for other message which come along with this one in order to decide whether and what action has to be taken.
out of memory in CHTTPServer::OnAccept
Internal error condition. Contact your support representative.
Fatal SSL error <error text>, exiting
A fatal error specified by error text has occurred. The NSSL is being ended. Please consult your support representative for further action.
Can't open input file <filename>
Warning that the file given by filename cannot be opened. The severity of this message depends on the context in which it appears. If for example the server key file cannot be opened the NSSL terminates. Watch for other messages surrounding this one.
Fatal SSL error <error number> , exiting
A fatal error during SSL processing has occurred which causes the NSSL to terminate. Watch for earlier message which give additional information.
illegal parameter <param value> for MINVERSION needs to be one of 2.0/3.0/3.1
Warning about an invalid setting of param MINVERSION. The allowed settings are being displayed with the message. This message appears during start up of the NSSL. The NSSL will not start.
illegal parameter '%s' for MAXVERSION needs to be one of 2.0/3.0/3.1
Error message about an invalid setting of param MAXVERSION. The allowed settings are being displayed with the message. This message appears during start up of the NSSL. The NSSL will not start.
MAXVERSION can not be smaller than MINVERSION
Warning that an invalid param setting have been detected where MINVERSION is smaller than MAXVERSION. This message appears during start up of the NSSL. The NSSL will not start.
Index
A
Acting as Your Own CA 115 Address already in use 127 ALLOWCERTERRORS 48 ALLOWIP 50 AUDITASCIIDUMPLENIN 51 AUDITASCIIDUMPLENOUT 51 AUDITASCIIONLY 51 AUDITCONSOLE 52 AUDITFILE 52 AUDITFILERETENTION 53 AUDITFORMAT 53 Auditing 112 AUDITLEVEL 54 AUDITMAXFILELENGTH 55 B
Browser displaying garbage page 126 Browser unable to connect 126
C CACERTS 55 Cipher Suites 111 CIPHERSUITES 56 CLIENTAUTH 57 CLIENTCERT 57 CLIENTKEY 58 CLIENTKEYPASS 59
Command Interface NSSLCOM 100 Command Reference for CONNECTION
Commands 103 CONFIG 59
CONFIG2 60
Configuration Overview 41
Configuring a Loopback TCP/IP Process 92 Configuring NSSL as a Generic Process (G
series) 90
Configuring NSSL as a Static Pathway Server (D series) 91
Configuring NSSL as Multi-Homed Proxy 91 Configuring SSL for Production as SSL Client 119 Configuring SSL for Production Running as SSL
Server 116
Connection closed by NSSL immediately after setting-up a secure connection 126 CONNECTIONS 103
CONNECTIONS, DETAIL 104
Considerations for installing on different NonStop server versions 24
CONTENTFILTER 60 Could not open xxx file 127 Customizing the Log Format 94
D Decode error 127 DENYIP 62 Document History 9 DONOTWARNONERROR 63 E
EXPAND Multi-Line versus Multi-CPU Paths 37
F Fatal Errors 133 Flexibility 112 FTPALLOWPLAIN 63 FTPCALLOW200REPLY 64 FTPLOCALDATAPORT 64 FTPMAXPORT 65 FTPMINPORT 65 H Handshake error 127
HTTP 404 - File not found 126 HTTPBASE 66
HTTPZIP 66
I
If the Private Key Is Compromised 45 Implementation Overview 111 INFO CONNECTION 104 Informational Messages 133
Installation on the NonStop Server 24 Installing NSSL on the NonStop System 24 Installing the License File 25
INTERFACE 67 Introduction 122 Invalid address 127
K
KEEPALIVE 67
L
LICENSE 68
Load Balancing and Fault-Tolerance of EXPAND over SSL 37
Log Level Recommendations 93 LOGCONSOLE 68
LOGEMS 69 LOGFILE 69
Logfile rollover for SWAP versions 1045 and earlier 98
Logfile rollover for SWAP versions 1046 and later 98
Logfile/Auditfile rollover using round robin 98 LOGFILERETENTION 70 LOGFORMAT 71 LOGFORMATCONSOLE 71 LOGFORMATEMS 71 LOGFORMATFILE 72 LOGLEVEL 73 LOGLEVELCONSOLE 73 LOGLEVELEMS 74 LOGLEVELFILE 74 LOGMAXFILELENGTH 75 LOGMEMORY 75 M
Mapping URLs to Disk Files 109 MAXSESSIONS 76
MAXVERSION 76 MINVERSION 76 Monitoring NSSL 92
Multi-Line Path Installation Sample 38
Multiple Configurations in a Single NSSL Process 89
N
Non-Stop Availability 14, 89
NSSL as a Plain FTP Client Proxy 19 NSSL as a plain FTP Server Proxy 19
NSSL as a Proxy to Secure EXPAND Over IP Traffic 20
NSSL as a Proxy to Secure IBM Websphere MQ 20
NSSL as a Secure ATTUNITY Server Proxy 19 NSSL as a Secure FTP Proxy 18
NSSL as a Secure Proxy for Generic TCP/IP Client/Server Applications Access 17
NSSL as a Secure Proxy for ODBC/MX Traffic 21 NSSL as a Secure Proxy for Telnet Access 16
NSSL as a Secure Web Server 15 NSSL as a Web Server 14
NSSL Features 14
NSSL Log Messages and Warnings 129 NSSL Parameter Reference 46
O
Obtaining a Certificate from a Third Party CA 114 Optimizing Throughput 38
Overcoming Guardian File System Restrictions 15 Overview 92
P
Parallel Library Support 14 PARAM Commands 43 Parameter Overview 46 PASSIVE 77 PEERCERTCOMMONNAME 77 PEERCERTFINGERPRINT 78 Performance 14
Performance Analysis of SSL EXPAND Traffic 124 Performance analysis of SSL FTP traffic 123 Performance Analysis of SSL Session
Establishment 123 PORT 79
Problem with checking license file 127
Protecting Against the Man-in-the-Middle Attack 45
Protecting Plain Ports with NSSL as a Multi- Homed Proxy 22
Protecting the Private Key File 45 PTCPIPFILTERKEY 80
R
RELOAD CERTIFICATES Command 105 RENEGOTIATE CONNECTION 105 Running NSSL as a Plain HTTP Server 27 Running NSSL as a Secure Attunity Proxy 31 Running NSSL as a Secure Client/Server Proxy
30
Running NSSL as a Secure FTP Proxy 32 Running NSSL as a Secure HTTPS Server 28 Running NSSL as a Secure RSC proxy 30 Running NSSL as a Secure Telnet Proxy 29 Running NSSL as a Secure WebSphere MQ
Proxy 34
Running NSSL as an SSL Tunnel for EXPAND- Over-IP Lines 35
Running NSSL as an SSL Tunnel for ODBC/MX Connections 40
S
Secure Sockets Layer 110
Secure Telnet Access Overview 17 Security Considerations 45
Security violation (error 4013) 128 SERVCERT 80
Serving HTTP Contents 107
Serving HTTP Contents from a ZIP Archive 108 SERVKEY 81
SERVKEYPASS 81 SLOWDOWN 82
SOCKSHOST, SOCKSPORT, SOCKSUSER 82 SSL 14
SSL Features 110 SSLINFO Command 105 Starting NSSL 44
Starting NSSL for Production as SSL Server 118 Startup Line Parameters 43
Startup Messages 129 SUBNET 83
Summary 125
Supported Commands 102 Supported MIME Types 107 SWAPCOMSECURITY 84 System Requirements 23 T TARGETHOST 85 TARGETINTERFACE 84 TARGETPORT 85 TARGETSUBNET 86 TCPIPHOSTFILE 86 TCPIPNODEFILE 87 TCPIPRESOLVERNAME 87 TCPNODELAY 88
The Certificate Signing Request 114 The Certificate Tools 113
The Configuration File 42 The History of SSL 110
The Public/Private Key Pair 113 TLS Alerts 121
To Activate the SSL Tunnel for the EXPAND Line 36
To add the date to log messages 95 To Connect with a Browser 27 To Connect with Your Browser 28
To Convert the BASE64-Encoded Certificate Received from a CA 115
To Create a HTTP Contents ZIP File for NSSL 108 To Create a Secure Connection with Any Secure
Telnet Client 30
To Create a Secure Telnet Connection with OutsideView 30
To Have NSSL Require the SSL Client Send a Certificate 118
To Have NSSL Send a Certificate to the SSL Server 120
To interpret NSSL log output when running as web server 99
To Issue a Certificate 115
To Run NSSL as a Multi-Homed Proxy 91 To Start NSSL with Verification of the Remote
Certificate 119
To Start NSSL with Your Own Certificate and Private Key 118
To Start the NSSL EXPANDS Tunnel 36 To Start the NSSL FTP Client Proxy 33 To Start the NSSL FTP Client Proxy without
Encryption 33
To Start the NSSL FTP Server Proxy 32
To start the NSSL FTP Server Proxy with an Audit Log 33
To Start the NSSL Secure Attunity Proxy 31 To Start the NSSL Secure ODBC/MX Proxy 40 To Start the NSSL Secure RSC proxy 30 To Start the NSSL Secure Telnet Proxy 29 To Start the NSSL Secure Web Server 28 To Start the NSSL Secure WebSphere MQ proxy
Process for the Receiving Channel 35 To Start the NSSL Secure WebSphere MQ Proxy
Process for the Sending Channel 34 To Start the NSSL Web Server 27
To Submit a Certificate Signing Request for a Certificate 114
Troubles with NSSL 127 Troubles with the Browser 126 TRUST 88
U
Usage of NSSLCOM a Sample Session 101 Using NSSL to Limit the Remote IP Addresses 22 Using SHOWLOG to View a Log File 95
Using Your Own Server Key and Certificate Files 117
W
Warning Messages 132 Web Server Log 98 What is a log level? 93 What is a log message? 93 What Is the NSSL Server? 12 Who Should Read this Guide 7
Why are there three different log devices? 93
X