server_jcs.xml — Initial TLS Settings

The server_jcs.xml file has the following initial TLS settings:

Note: Manual settings in the server_jcs.properties file can potentially override all these settings.

ldapsCertificateFile

Specifies the path to the JCS LDAPS certificate store, the file that contains all the certificates used to verify the identity of the JCS server during inbound LDAPS (TLS) connections. At least one certificate with an accompanying private key issued to represent JCS is placed in this store.

ldapsCertificatePassword

Specifies the password protecting the JCS certificate store specified in ldapsCertificateFile.

Note: The password can either be cleartext or obfuscated. For example:

{ALGORITHM}ciphertext, where ALGORITHM would typically be set to 'CACRYPT'. For example, {AES}LQpBXeIjOMGSsGLU

connectorClientCertStore

Specifies the path to the JCS-wide client certificate store, the file that contains the trusted certificates used to verify the identity of the endpoint server during SSL handshakes. It is used for outbound TLS connections made by the connectors themselves to the endpoint systems they manage. Import into this store any issuer certificates for the endpoints to which TLS connections are made.

connectorClientCertStoreType

Specifies the certificate store type (JKS or PKCS12).

connectorClientCertStorePassword

Specifies the password protecting the connector client store. The same rules apply as for the ldapsCertificatePassword.

connectorSSLVerifyPeer

If false, the peer certificate sent by the endpoint to which a connection is made is not verified for trust during SSL handshakes. That is, the connectorClientCertStore value is ignored and not required for outbound SSL connections in this configuration. If true, the endpoint host certificate presented to JCS undergoes trust checks against the connectorClientCertStore contents.

Default: False

connectorSSLTrace

Set to true to output verbose SSL handshake information to the log.
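
An added example, not part of the product documentation: a Python audit of the settings described on this page that flags disabled peer verification, cleartext store passwords, an unrecognized store type and enabled handshake tracing. The property-element layout, the bean id and the file path in the sample are assumptions constructed for illustration, because this page names the settings but does not show the file's markup.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The <property> layout, bean id and path are assumptions.
SAMPLE = """<beans><bean id="jcsExample">
  <property name="ldapsCertificatePassword" value="example-cleartext"/>
  <property name="connectorClientCertStore" value="/path/to/jcs.keystore"/>
  <property name="connectorClientCertStoreType"><value>JKS</value></property>
  <property name="connectorClientCertStorePassword" value="{AES}LQpBXeIjOMGSsGLU"/>
  <property name="connectorSSLVerifyPeer" value="false"/>
  <property name="connectorSSLTrace" value="true"/>
</bean></beans>"""

OBFUSCATED = re.compile(r"^\{[A-Za-z0-9_]+\}.+")  # {ALGORITHM}ciphertext form
PASSWORD_KEYS = ("ldapsCertificatePassword", "connectorClientCertStorePassword")

def local(tag):  # strip an XML namespace such as '{uri}property'
    return tag.rsplit("}", 1)[-1]

def read_settings(xml_text):
    """Collect property values given as an attribute or as nested text."""
    settings = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "property" or "name" not in el.attrib:
            continue
        value = el.get("value")
        if value is None:  # value given as a nested <value> element
            value = "".join(el.itertext())
        settings[el.get("name")] = value.strip()
    return settings

def audit(settings):
    findings = []
    # A missing setting falls back to the documented default (False).
    if settings.get("connectorSSLVerifyPeer", "false").lower() != "true":
        findings.append("connectorSSLVerifyPeer is not true: endpoint certificates are not trust-checked")
    elif not settings.get("connectorClientCertStore"):
        findings.append("connectorSSLVerifyPeer is true but connectorClientCertStore is not set")
    for key in PASSWORD_KEYS:
        if settings.get(key) and not OBFUSCATED.match(settings[key]):
            findings.append(f"{key} is stored in cleartext")
    store_type = settings.get("connectorClientCertStoreType", "")
    if store_type and store_type.upper() not in ("JKS", "PKCS12"):
        findings.append(f"connectorClientCertStoreType {store_type!r} is not JKS or PKCS12")
    if settings.get("connectorSSLTrace", "").lower() == "true":
        findings.append("connectorSSLTrace is true: verbose handshake output goes to the log")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(read_settings(SAMPLE))))
```

Settings in server_jcs.properties can override these values, so a clean result here describes the XML file only.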