What application are you going to use in port 8888? Without knowing that, we cannot give a specific answer.
Here's some generic information.
An application can be built in several different ways:
1.) The simple way: the application uses inetd to handle the real network connections. This is mostly used by small network service applications.
In this case, you set a name for your service and associate it with the port 8888 by writing a line in /etc/services. Then you add a line to /etc/inetd.conf to describe what you want started up when someone connects to the port. The inetd process will then open the port to "listen" for new connections.
2.) The semi-standalone way: the application handles the network connections itself, but refers to the port internally by some name. It asks the operating system to translate the port name to a port number, and then it uses that port number.
In this case, you must read the documentation of the application to find out the correct name, and then associate that name with the port 8888 by writing a line in /etc/services. Then you just start the application, and the application opens the port for use.
3.) The completely standalone way: there is a place for a port number in the application's configuration.
In this case, you just put "8888" in there and start the application. The application does all the rest.
If someone has installed an IPFilter or some other form of extra security, you may have to change also that security configuration to allow the connections succeed. IPFilter configuration is probably at /etc/opt/ipf/
if you're using a HP-supported version of IPFilter.
SSL is always done in the application level: nothing needs to be done with the operating system to "enable" SSL.
However, if you have an application that cannot do SSL on its own, you must use a SSL wrapper program to make it SSL-capable. "stunnel" is one such program. It is available for free at
http://www.stunnel.org.If you need to receive SSL connections, you must always have a SSL certificate.
You can make one yourself, but then nobody will trust it automatically, and the client connecting to your server will get a "untrusted certificate - do you really want to connect? (y/n)" messages. You can buy a certificate from companies like VeriSign or Thawte, and most clients can automatically verify that they are valid.
When you are getting a SSL certificate, you must remember that the certificate is tied to the DNS name of the server, *as seen by the client*. If you buy a certificate and then change the server's name, you have just wasted some money.
MK
