|
|
|
In the [crypto] section, the tokens control aspects associated with the cryptography module.
Defines the full pathname to the Certificate Authority (CA) certificate database.
Default: ACInstallDir/data/crypto/def_root.pem
Specifies whether secure socket layer (SSL) protocols are enabled.
If you set this to ssl_only, only SSL V2, SSL V3, and TLS connections are enabled. This means that this computer cannot communicate with computers that do not support SSL, and so cannot communicate with computers that are running versions of CA Access Control earlier than r12.0, which do not support SSL.
Note: Computers that are running CA Access Control r12.0 and later do support SSL.
If the fips_only token is set to 1, the actual communication mode is set to ssl_only in FIPS mode (that is, TLS), and the communication_mode token is ignored.
Valid values are:
Default: non_ssl
Defines the installation directory of CAPKI.
Default: /opt/CA/SharedComponents/CAPKI
Specifies the encryption libraries that the CA Access Control Agent uses to decrypt messages. The Agent attempts to use each library in the list, in turn, until the decryption is successful.
Limits: libaes256, libaes192, libaes128, libdes, libtripledes, libscramble
Default: libaes256, libaes192, libaes128, libdes, libtripledes
This token controls whether CA Access Control works in FIPS only mode. In this mode all non-FIPS functions are disabled.
Valid values:
1 CA Access Control works in FIPS only mode
0 CA Access Control works in non-FIPS mode
Default: 0
Defines the directory for the ETPKI cryptographic library.
Defines the full pathname to the subject private key.
Default: ACInstallDir/data/crypto/sub.key
Defines the port for SSL communications between CA Access Control clients and services.
Default: 5249
Defines the full pathname to the subject certificate.
Default: ACInstallDir/data/crypto/sub.pem
| Copyright © 2012 CA. All rights reserved. | Tell Technical Publications how we can improve this information |