The set ssl command lets you configure the behaviour of SSL.
The command only takes effect when the dxserver starts. If you change SSL parameters using the DSA console, values are not changed and the following warning is logged to the warn file:
WARN : Cannot change SSL params once set
This command has the following format:
set ssl = { cert-dir = certificate_directory ca-file = certification_authority [cipher = cipher] [protocol = tls] [fips = true] [pin = pin] [lib = library] [slot = slot] } ;
cert-dir = certificate_directory
Identifies the directory that contains certificate and private-key files in PEM format.
ca-file = certification_authority
Identifies the file that contains trusted certification authority certificates in PEM format.
cipher = cipher
(Optional) Specifies the ciphers that will be used for SSL and TLS connections.
protocol = tls
(Optional) Instructs CA Directory to use TLS instead of SSL 3.0.
Limits: tls
Default: SSL 3.0
fips = true
(Optional) Specifies to run SSL in FIPS-only mode. In this mode, the DSA will only accept FIPS-compliant ciphers.
Limits: True
Default: False
pin = pin
(Optional) Specifies the hardware security module (HSM) user PIN. If specified, the private key is used through the HSM. For example:
pin=1234
Limits: Valid PIN
lib = library
(Optional) Specifies the file containing the PKCS#11 library supplied by the HSM vendor. For example:
lib="C:\Program Files\Eracom\ProtectToolkit C Runtime\cryptoki.dll"
Limits: Valid path and dll file name
slot = slot
(Optional) Specifies the slot location in the HSM where the corresponding private keys are stored. For example:
slot=2
Limits: Valid slot number
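
An added example, not part of CA's documentation: a small Python check that parses a set ssl block and reports the defaults this page documents (SSL 3.0 when protocol = tls is absent, FIPS-only mode off) and an HSM PIN written in the file. The function names, the sample configurations and the cert-dir and ca-file paths are constructed for illustration.

```python
import re

# One "set ssl = { ... };" block, and the key = value pairs inside it.
BLOCK = re.compile(r"set\s+ssl\s*=\s*\{(.*?)\}\s*;", re.S | re.I)
PAIR = re.compile(r'([A-Za-z-]+)\s*=\s*("[^"]*"|[^\s}]+)')

def parse_set_ssl(text):
    """Return the first set ssl block's parameters as a dict, or None."""
    m = BLOCK.search(text)
    if m is None:
        return None
    return {k.lower(): v.strip('"') for k, v in PAIR.findall(m.group(1))}

def audit_set_ssl(text):
    """Return a list of findings for a configuration string."""
    p = parse_set_ssl(text)
    if p is None:
        return ["no set ssl block found"]
    out = [f"missing required parameter: {k}"
           for k in ("cert-dir", "ca-file") if k not in p]
    # Documented default: SSL 3.0 unless protocol = tls is set.
    if p.get("protocol", "").lower() != "tls":
        out.append("protocol is not tls: SSL 3.0 is used")
    # Documented default: fips is false, so non-FIPS ciphers are accepted.
    if p.get("fips", "false").lower() != "true":
        out.append("fips is not true: non-FIPS ciphers are accepted")
    # The HSM user PIN is written literally in the command.
    if "pin" in p:
        out.append("HSM PIN is in the file in clear text: restrict read access")
    return out

# Constructed samples; the cert-dir and ca-file paths are placeholders.
WEAK = 'set ssl = { cert-dir = "example/certs" ca-file = "example/trusted.pem" };'
STRICT = r'''
set ssl = {
    cert-dir = "example/certs"
    ca-file = "example/trusted.pem"
    protocol = tls
    fips = true
    pin = 1234
    lib = "C:\Program Files\Eracom\ProtectToolkit C Runtime\cryptoki.dll"
    slot = 2
};
'''

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit_set_ssl(cfg))
```

Because the command only takes effect when the dxserver starts, a check like this belongs before a restart rather than after a console change.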
Copyright © 2009 CA. All rights reserved.