System Properties
The CipherTrust Manager allows you to manage user configurable system properties.
Property Name | Default Value | Description |
---|---|---|
MAXIMUM_REFRESH_TOKEN_LIFETIME | Describes the maximum lifetime of a refresh token. This can be an empty string (infinite lifetime) or a sequence of integers with a time unit as a suffix. The valid time units are m and h . For example, 300m, 3h, or 2h45m. The value of the maximum lifetime of a refresh token should be at least 5m. | |
CERT_REV_CHECK_TIMEOUT | 5sec | Configures the revocation check request timeout for Web (cert user login) and NAE/KMIP clients. The timeout value must be in an integer from 0-600secs, where 0 refers to no timeout. This timeout is for each request.For example if a certificate contains 3 URLs for the caIssuer and CRL/OCSP, and each URL gets failed in 5sec; then it will take 15sec to complete the authentication call. |
ALLOW_UNKNOWN_FIELDS | false | Allows unknown fields in the JSON body from the API calls. If you set this property to true , restart is required for changes to take effect. |
ENABLE_RECORDS_DB_STORE | true | Stores audit records in the database. If you set this property to false , it deletes the audit records. If syslog is added, it continues to push audit records to the syslog server. |
ENFORCE_NAE_CLIENT_VALIDATION | false | Enforces client validation on the NAE. |
ENFORCE_NAE_CLIENT_REGISTRATION | false | Enforces registered NAE clients to perform the NAE operations. |
ENABLE_NAE_CRYPTO_RECORDS | false | Enables the logging for NAE crypto audit records. |
ENABLE_NAE_ACTIVITY_LOGS | false | Enables the activity logging for NAE operations. |
ENABLE_KMIP_ACTIVITY_LOGS | false | Enables the activity logging for KMIP operations. |
ENABLE_CERT_REV_CHECK | true | Checks the client certificates on the NAE/KMIP interface for revocation status. This property is not applicable for user certificate login. For user certificate login, the CRL revocation status is always checked. |
Managing user configurable system properties using ksctl
The following operations can be performed:
Get details of a property
List all properties
Modify a property
Reset a property
Getting details of properties
To get details of a property, run:
Syntax
Example
Getting list of properties
To list all the configurable system properties, run:
Syntax
Updating properties
To modify the value of a property, run:
Syntax
Example 1
**Example 2 **
Changes doesn't reflect immediately. It may take up to 60 seconds on the current node as well as on the clustered nodes.
Resetting properties
To reset the value of a property to default, run:
Syntax
Examples