SSL Configuration Parameters
Parameters | Default | Description |
---|---|---|
CA_File | no default | Refers to the CA certificate that was used to sign the server certificate presented by the NAE Server to the client. Possible setting: The path and file name – The path can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. Because all CipherTrust Manager servers in a clustered environment must have an identical configuration, all servers in the cluster use the same server certificate. As such, you need to point to only one CA certificate in the CA_File system parameter. If you do not supply the CA certificate that was used to sign the server certificate used by the CipherTrust Manager servers, your client applications cannot establish SSL connections with any of the servers in the cluster. File paths can be absolute or relative. Unless otherwise noted, when prompted for a file, you should specify both a path and file name. If a local CA on the CipherTrust Manager was used to sign the NAE Server certificate, you can download the certificate for the local CA, and put that certificate on the client. |
Cert_File | no default | Stores the path and file name of the client certificate. This is used only when your SSL configuration requires clients to provide a client certificate to authenticate to the CipherTrust Manager servers. Possible setting: The path and file name – The path can be absolute or relative to your application. Don’t use quotes, even if the path contains spaces. Client certificates must be PEM encoded. Note: If this value is set, the certificate and private key must be present, even if the CipherTrust Manager is not configured to request a client certificate. |
Key_File | no default | Refers to the private key associated with the client certificate specified in the Cert_File parameter. Possible settings: The path and file name – The path can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. The client private key must be in PEM-encoded PKCS#12 format. Because this key is encrypted, you must use the Passphrase parameter so the CipherTrust Manager can decrypt it. Note: If this value is set, the certificate and private key must be present, even if the CipherTrust Manager is not configured to request a client certificate. |
Passphrase | no default | Refers to the passphrase associated with the private key. Possible setting: The passphrase associated with the private key named in Key_File. If you do NOT provide this passphrase, the client attempts to read the passphrase from standard input; this causes the application to hang. Note: Remember that the properties file is NOT encrypted. Make sure that this file resides in a secure directory and has appropriate permissions so that it is readable only by the appropriate application or user. |
Passphrase_Encrypted | no | Specifies whether the passphrase associated with the keystore is obfuscated. Possible settings: • yes: set this value if you want to obfuscate the passphrase. • no: set this value if you do not want to obfuscate the passphrase. |
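
The constraints in the table above can be checked before the client application starts. The following is an added example, not code from the product or its vendor: it assumes a `key=value` properties file, and the function names, finding codes, and the rule that any group or other access to the file is too broad are this example's own choices.

```python
import os
import stat

# Constructed sample: quoted CA path and a client key with no passphrase.
SAMPLE = """\
CA_File="certs/ca.pem"
Cert_File=certs/client.pem
Key_File=certs/client.key
Passphrase=
"""

def parse_properties(text):
    """Parse key=value lines (assumed file format); skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ssl_settings(props, app_dir=".", file_mode=None):
    """Return (code, message) findings; relative paths resolve against app_dir."""
    findings = []
    for key in ("CA_File", "Cert_File", "Key_File"):
        value = props.get(key, "")
        if not value:
            continue
        if value[0] in "\"'":
            findings.append(("quoted-path", f"{key}: remove the quotes, even if the path has spaces"))
        elif not os.path.isfile(os.path.join(app_dir, value)):
            findings.append(("missing-file", f"{key}: {value} not found"))
    key_file = props.get("Key_File")
    if bool(props.get("Cert_File")) != bool(key_file):
        findings.append(("cert-key-pair", "Cert_File and Key_File must be set together"))
    if key_file and not props.get("Passphrase"):
        findings.append(("no-passphrase", "Key_File without Passphrase: client reads stdin and hangs"))
    if props.get("Passphrase_Encrypted", "no").lower() not in ("yes", "no"):
        findings.append(("bad-flag", "Passphrase_Encrypted must be yes or no"))
    # The properties file is not encrypted, so flag any group/other access (example policy).
    if props.get("Passphrase") and file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("loose-perms", f"file mode {stat.S_IMODE(file_mode):o} exposes Passphrase"))
    return findings

def audit_properties_file(path, app_dir="."):
    """Parse a properties file on disk and check it together with its own mode bits."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    return check_ssl_settings(props, app_dir, os.stat(path).st_mode)
```

Call `audit_properties_file()` with the path to the client's properties file and the directory the application runs from; an empty list means none of these checks fired.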