The server_jcs.xml file has the following initial TLS settings:
Note: Manual settings in the server_jcs.properties file can potentially override all these settings.
Specifies the Java CS LDAPS certificate store. Specifies a path to the file which contains all the certificates used to verify the identity of the Java CS server during inbound LDAPS (TLS) connections. At least one certificate with an accompanying private key issued to represent Java CS is placed in this store.
Specifies the password protecting the Java CS certificate store specified in ldapsCertificateFile.
Note: The password can be either cleartext or obfuscated. An obfuscated password takes the form {ALGORITHM}ciphertext, where ALGORITHM would typically be set to 'CACRYPT'. For example, {AES}LQpBXeIjOMGSsGLU
Specifies the Java CS-wide client certificate store. Specifies a path to the file which contains trusted certificates used to verify the identity of the endpoint server during SSL handshakes. Used for outbound TLS connections made by the connectors themselves to the endpoint systems they manage. Import into this store any issuer certificates for the endpoints to which TLS connections are made.
connectorClientCertStoreType
Specifies the certificate store type (JKS or PKCS12).
Specifies the password protecting the connector client store. The same rules apply as for the ldapsCertificatePassword.
If false, the peer certificate sent by the endpoint during the SSL handshake is not verified for trust. That is, the connectorClientCertStore value is ignored and is not required for outbound SSL connections in this configuration. If true, the endpoint host certificate presented to Java CS undergoes trust checks against the connectorClientCertStore contents.
Default: False
Set to true to output verbose SSL handshake information to the log.
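An added example (not part of the CA documentation or product): a Python check that flags the risky states described above, namely a cleartext store password, disabled endpoint trust checks, and an unexpected store type. It assumes the settings appear as key=value lines; `PLACEHOLDER_trustCheckProperty` stands in for the trust-check property, whose name this page does not give, and both sample inputs are constructed.

```python
import re

# Obfuscated values have the form {ALGORITHM}ciphertext, as the note above describes.
OBFUSCATED = re.compile(r"^\{([A-Za-z0-9_]+)\}(\S+)$")
# Placeholder key: the page does not name the trust-check property.
TRUST_KEY = "PLACEHOLDER_trustCheckProperty"

def parse_properties(text):
    """Parse key=value lines (assumed Java-properties style), skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props, password_keys=("ldapsCertificatePassword",), trust_key=TRUST_KEY):
    """Return (key, finding) pairs for settings that weaken TLS."""
    findings = []
    for key in password_keys:
        value = props.get(key)
        if value is not None and not OBFUSCATED.match(value):
            findings.append((key, "password stored in cleartext"))
    # The documented default is False, so a missing key also means no trust checks.
    if props.get(trust_key, "false").lower() != "true":
        findings.append((trust_key, "endpoint certificate is not verified for trust"))
    store_type = props.get("connectorClientCertStoreType")
    if store_type is not None and store_type.upper() not in ("JKS", "PKCS12"):
        findings.append(("connectorClientCertStoreType", "store type is not JKS or PKCS12"))
    return findings

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_WEAK = """\
ldapsCertificatePassword=example-cleartext-value
connectorClientCertStoreType=JKS
PLACEHOLDER_trustCheckProperty=false
"""
SAMPLE_HARDENED = """\
ldapsCertificatePassword={AES}LQpBXeIjOMGSsGLU
connectorClientCertStoreType=PKCS12
PLACEHOLDER_trustCheckProperty=true
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(parse_properties(text)))
```
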
Copyright © 2011 CA. All rights reserved.