During a day with almost 12 full hours of briefings and discussions with HP’s e3000 engineers, attendees at the first SIG 3000 meeting in Sunnyvale, Calif. learned HP plans to keep its Web server current and include 128-bit full-strength encryption in the release this May.

OnOn Hong, the engineer at the e3000 division (CSY) who’s leading the Web server porting team, told about 65 attendees at the SIG summit that the MPE/iX Web Server Secure Edition is based on Apache 1.3.9, a more advanced version than the Standard Edition being bundled with MPE/iX 6.5.

“In addition to the standard Web Server features, we are going to support a full-strength, 128-bit RSA encryption, X.509 digital certificate authentication and the new feature of Apache, the Dynamic Shared Objects,” Hong said. “As you can see, we are evolving. That’s our goal and direction — to help our customers to evolve. Of course, to do this, our product needs to evolve.”

The evolution to the Secure Edition of the Web Server will begin in May. That’s when customers will be able order the product at a cost of $1,200 - $1,900 per server, according to HP’s Loretta Li Sevilla. The Secure Edition pricing is tier-based; the base Web Server, known as the Standard Edition, is bundled with MPE/iX 6.5 and can be downloaded from HP’s Web site for 5.5 and 6.0 sites as well. The Secure Edition begins beta tests with 6.0 sites in March; customers can still sign up for the beta of the Secure Web server by contacting Hong at onon_hong@hp.com.

HP will be including a utility which generates keys, Certificate Signing Requests (CSRs) and security certificates with the Secure Edition. SSL encryption capability for both versions 2.0 and 3.0 of the SSL standard is built into the Secure Edition binaries.

Any secure Web server requires a unique private key and server certificate to establish a secure communication session, Hong said. “The software comes with a default private key, but it’s not unique — it’s only for the initial testing. Don’t use it as a production certificate.” The utility shipped with the Secure Edition can generate a private key for the server, then use that private key to create a CSR. CSR includes a public key, Web server identity, and company name.

Customers will have to sign their CSR to convert it into a real certificate. They can then submit the CSR to an external trusted Certificate Authority, such as Verisign. Hong said customers can sign their own CSR.