Add a PeSIT server

To add a PeSIT server, go to the extended Server Control page and on the PeSIT Servers pane, click Actions > Add Server.

The following table presents all parameters and expected values associated with your new PeSIT server.

Field: Description
General
Server Name: Enter a unique name for your server.
Enable PeSIT over Plain Socket: Select to enable non-secure PeSIT transfers.
Enable PeSIT over Secured Socket: Select to enable secure PeSIT transfers.
Enable PeSIT over Secured Socket (legacy): Select to enable transfers with remote partners using SSL Legacy.
Enable PeSIT over Secured Socket (legacy & comp)

Select to enable automatic detection of the SSL/TLS mode in use (Legacy or Comp) when SecureTransport acts as a server. Information about the detected mode is logged in the server log under Level > Debug.

The PeSIT listener used for communication with partners in both TLS Comp and TLS Legacy modes is configured using the following server configuration parameters:

  • Pesit.Autodetect.Tls.Mode.Enabled - enables or disables the listener
  • Pesit.Autodetect.Tls.Mode.Port - specifies the port number of the listener
  • Pesit.Listeners.Autodetect.Tls.Mode.keyAlgorithm - specifies the key algorithm
  • Pesit.Listeners.Autodetect.Tls.Mode.keyAlias - specifies the key alias of the listener
  • Pesit.Listeners.Autodetect.Tls.Mode.protocol - specifies the protocol of the listener
  • Pesit.Listeners.Autodetect.Tls.Mode.trustAlgorithm - specifies the trust algorithm
Enable PeSIT over pTCP plain socket: Select to enable non-secure PeSIT transfers over pTCP.
Enable PeSIT over pTCP secure socket: Select to enable secure PeSIT transfers over pTCP.
Enable FIPS Transfer Mode

Select to enable FIPS transfer mode for PeSIT connections.

By selecting this option, the Enabled FIPS Ciphers field becomes editable.

Port: Enter the port number of your PeSIT server.
SSL port: Enter the SSL port number for secure connection to your PeSIT server.
Host: Enter the IP address of your external PeSIT host server. Leave this option blank if you do not need an external host.
Key Exchange Algorithms

Enter the Key Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

SSL Key Alias: Select an SSL Key Alias from the drop-down list, for example, PeSITd.
PeSIT SSL Protocol: Enter the SSL protocol group to use, SSL or TLS (TLS by default). Note that with SecureTransport running on AIX systems, the default value is SSL_TLS.
Enabled SSL Protocols: Enter a comma-separated list of SSL protocol versions (TLSv1, TLSv1.1, TLSv1.2 by default).
Common SSL Settings
PeSIT Trust algorithms

Enter the key trust algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

Enabled Ciphers

Enter the cipher suites to be used with your PeSIT server.

For more information on cipher suites, refer to the SecureTransport Cipher suites topic, part of the SecureTransport 5.4 Security guide.

Enabled FIPS Ciphers

Modify the cipher suite set to be used with your PeSIT server in FIPS mode.

By default, this field is populated with all FIPS-compliant TLS cipher suites supported by SecureTransport. For the complete list, see FIPS-compliant TLS cipher suites.

Click the "down arrow" icon on the right to access a drop-down menu with options to select and deselect all items and reset value to the previously saved selection.

For the default PeSIT server, the list of allowed cipher suites in FIPS mode is determined by the Pesit.FIPS.Listeners.Ssl.EnabledCipherSuites configuration option.

Client Certificate

This drop-down list presents the options to define support for certificate use for PeSIT authentication. Possible values are:

  • Disabled – no certificate authentication is required
  • Required – the client must authenticate using a certificate
  • Optional – the client can authenticate either using a certificate or a password

PeSIT over pTCP – to enable editing these options, you must select at least one of the Enable PeSIT over pTCP options listed above
Port: Enter the port number for your PeSIT over pTCP connection.
SSL port: Enter the SSL port number for secure PeSIT over pTCP connection.
Key Exchange Algorithms

Enter the Key Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

SSL Key Alias: Select an SSL Key Alias from the drop-down list, for example, PeSITd.
SSL Protocol: Enter the SSL protocol group to use, SSL or TLS (TLS by default). Note that with SecureTransport running on AIX systems, the default value is SSL_TLS.
Trust Algorithms: Enter the SSL Trust Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.
PeSIT over Secured Socket (legacy), PeSIT over Secured Socket (legacy & comp) – to enable editing these options, you must select the corresponding option listed above
SSL port: Enter the SSL port number for secure PeSIT connection.
Key Exchange Algorithms

Enter the Key Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

SSL Key Alias: Select an SSL Key Alias from the drop-down list, for example, PeSITd.
SSL Protocol: Enter the SSL protocol group to use, SSL or TLS (TLS by default). Note that with SecureTransport running on AIX systems, the default value is SSL_TLS.
Trust Algorithms: Enter the SSL Trust Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

Once you have finished entering the parameters of your PeSIT server, click Save to create it, or Cancel to discard all changes and return to the Server Control page.
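A pre-save review of the settings in the table above, as an added example that is not SecureTransport code: it flags the non-secure and SSL Legacy options, deprecated entries in Enabled SSL Protocols (TLSv1 and TLSv1.1 are in the default list), and Client Certificate modes that do not enforce certificates. The dict layout keyed by field label, the function name and the sample definitions are assumptions made for illustration.

```python
# Added example (not SecureTransport code): review a PeSIT server definition.
# Keys are the field labels from the table; the dict layout is an assumption.
DEFAULT_PROTOCOLS = "TLSv1, TLSv1.1, TLSv1.2"  # default stated in the table
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}     # RFC 7568 (SSLv3), RFC 8996 (TLS 1.0/1.1)
PLAIN = ("Enable PeSIT over Plain Socket", "Enable PeSIT over pTCP plain socket")
LEGACY = ("Enable PeSIT over Secured Socket (legacy)",
          "Enable PeSIT over Secured Socket (legacy & comp)")
SECURE = ("Enable PeSIT over Secured Socket",
          "Enable PeSIT over pTCP secure socket") + LEGACY


def review_pesit_server(cfg):
    """Return (field, message) findings for one server definition."""
    findings = []
    for field in PLAIN:
        if cfg.get(field):
            findings.append((field, "non-secure PeSIT transfers are accepted"))
    for field in LEGACY:
        if cfg.get(field):
            findings.append((field, "SSL Legacy mode is accepted"))
    if not any(cfg.get(field) for field in SECURE):
        return findings  # no secure listener selected; skip the TLS field checks
    # Assumption: a field left unset keeps the default value from the table.
    raw = cfg.get("Enabled SSL Protocols") or DEFAULT_PROTOCOLS
    enabled = {p.strip() for p in raw.split(",") if p.strip()}
    weak = sorted(enabled & DEPRECATED)
    if weak:
        findings.append(("Enabled SSL Protocols",
                         "deprecated versions enabled: " + ", ".join(weak)))
    mode = cfg.get("Client Certificate")
    if mode == "Disabled":
        findings.append(("Client Certificate", "no certificate authentication"))
    elif mode == "Optional":
        findings.append(("Client Certificate", "password authentication still accepted"))
    return findings


# Constructed sample definitions, not taken from a real installation.
SAMPLE_DEFAULTS = {"Enable PeSIT over Plain Socket": True,
                   "Enable PeSIT over Secured Socket": True,
                   "Client Certificate": "Optional"}
SAMPLE_HARDENED = {"Enable PeSIT over Secured Socket": True,
                   "Enabled SSL Protocols": "TLSv1.2",
                   "Client Certificate": "Required"}

if __name__ == "__main__":
    for name, cfg in (("defaults", SAMPLE_DEFAULTS), ("hardened", SAMPLE_HARDENED)):
        for field, message in review_pesit_server(cfg):
            print(f"{name}: {field}: {message}")
```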

Start and stop a server

You can easily start and stop your PeSIT server.

  • To start your server, click the "play" icon.
    A box with a success message pops up on your screen and your server status changes to Running.
  • To stop your server, click the "stop" icon.
    A box with a success message pops up on your screen and your server status changes to Stopped.

You can start the PeSIT daemon only once the Pesit Default server is operating (enabled). Stopping the daemon stops all underlying started servers. When the daemon starts, only the enabled servers are started. For PeSIT, an "enabled server" is one for which you have selected at least one of the available "Enable PeSIT" options.

Edit PeSIT server settings

You can change any of the PeSIT server property values. Note that you can change the server name only when the server is stopped. To update a PeSIT server, click the corresponding "gear" icon.

A modal box with the PeSIT settings opens. Make your changes and click Save to apply them, or Cancel to discard them.

Delete a PeSIT server

Note: You cannot delete or change the name of the "Pesit Default" server from the SecureTransport Administration Tool.

You can only delete a server once it is stopped. You cannot delete a server in Running status.

To delete a server, locate it on the Server Control page, make sure it is stopped, and click the corresponding "trashcan" icon.
