set ssl Command—Configure SSL

The set ssl command lets you configure the behaviour of SSL.

The command takes effect only when dxserver starts. If you try to change SSL parameters from the DSA console, the values are not changed and the following warning is logged to the warn file:

WARN : Cannot change SSL params once set

This command has the following format:

set ssl = {
    cert-dir = certificate_directory
    ca-file = certification_authority
    [cipher = cipher]
    [protocol = tls]
    [fips = true]
    [pin = pin]
    [lib = library]
    [slot = slot]
} ;

cert-dir

Identifies the directory that contains certificate and private-key files in PEM format.

ca-file

Identifies the file that contains trusted certification authority certificates in PEM format.

cipher

(Optional) Specifies the ciphers that will be used for SSL and TLS connections.

protocol

(Optional) Instructs CA Directory to use TLS instead of SSL 3.0.

Limits: tls

Default: SSL 3.0

fips

(Optional) Runs SSL in FIPS-only mode. In this mode, the DSA accepts only FIPS-compliant ciphers.

Limits: True

Default: False

pin

(Optional) Specifies the hardware security module (HSM) user PIN. If specified, the private key is used through the HSM. For example:

pin=1234

Limits: Valid PIN

lib

(Optional) Specifies the file containing the PKCS#11 library supplied by the HSM vendor. For example:

lib="C:\Program Files\Eracom\ProtectToolkit C Runtime\cryptoki.dll"

Limits: Valid path and DLL file name

slot

(Optional) Specifies the slot location in the HSM where the corresponding private keys are stored. For example:

slot=2

Limits: Valid slot number
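
The following audit script is an added example, not part of the CA Directory documentation or product. It parses a set ssl block and reports settings that leave the documented defaults in place (SSL 3.0, FIPS mode off) or place the HSM PIN in the configuration file. The function names, the sample cert-dir and ca-file paths, and the configuration texts are constructed for illustration.

```python
import re

# Parameters documented on this page for the set ssl command.
KNOWN = {"cert-dir", "ca-file", "cipher", "protocol", "fips", "pin", "lib", "slot"}
BLOCK = re.compile(r"set\s+ssl\s*=\s*\{(.*?)\}\s*;", re.S)
# A value is either a double-quoted string (may contain spaces) or a bare token.
PAIR = re.compile(r'([A-Za-z][A-Za-z-]*)\s*=\s*("[^"]*"|[^\s{}";]+)')

def parse_set_ssl(text):
    """Return {parameter: value} for the first set ssl block, or None if absent."""
    block = BLOCK.search(text)
    if block is None:
        return None
    return {k.lower(): v.strip('"') for k, v in PAIR.findall(block.group(1))}

def audit_set_ssl(text):
    """Return a list of findings for the set ssl block in a configuration text."""
    params = parse_set_ssl(text)
    if params is None:
        return ["no set ssl block found"]
    findings = []
    for required in ("cert-dir", "ca-file"):
        if required not in params:
            findings.append(f"{required} is missing")
    for name in sorted(set(params) - KNOWN):
        findings.append(f"unknown parameter: {name}")
    if params.get("protocol", "").lower() != "tls":
        findings.append("protocol is not tls: the documented default is SSL 3.0")
    if params.get("fips", "false").lower() != "true":
        findings.append("fips is not true: the DSA is not restricted to FIPS-compliant ciphers")
    if "pin" in params:
        findings.append("HSM user PIN is stored in this file: restrict read access")
    return findings

# Constructed sample configurations (paths and values are illustrative only).
WEAK = '''set ssl = {
    cert-dir = "config/ssld/personalities"
    ca-file = "config/ssld/trusted.pem"
    pin = 1234
    lib = "C:\\Program Files\\Eracom\\ProtectToolkit C Runtime\\cryptoki.dll"
    slot = 2
} ;'''
HARDENED = '''set ssl = { cert-dir = "config/ssld/personalities"
    ca-file = "config/ssld/trusted.pem" protocol = tls fips = true } ;'''

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_set_ssl(cfg))
```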