CipherTrust Manager Administration

System Properties

The CipherTrust Manager allows you to manage user configurable system properties.

| Property Name | Default Value | Description |
|---|---|---|
| MAXIMUM_REFRESH_TOKEN_LIFETIME | | Describes the maximum lifetime of a refresh token. This can be an empty string (infinite lifetime) or a sequence of integers, each with a time unit as a suffix. The valid time units are m and h. For example, 300m, 3h, or 2h45m. The maximum lifetime of a refresh token should be at least 5m. |
| CERT_REV_CHECK_TIMEOUT | 5sec | Configures the revocation check request timeout for Web (cert user login) and NAE/KMIP clients. The timeout value must be an integer from 0 to 600 seconds, where 0 means no timeout. The timeout applies to each request. For example, if a certificate contains 3 URLs for the caIssuer and CRL/OCSP, and each URL fails after 5sec, the authentication call takes 15sec to complete. |
| ALLOW_UNKNOWN_FIELDS | false | Allows unknown fields in the JSON body of API calls. If you set this property to true, a restart is required for the change to take effect. |
| ENABLE_RECORDS_DB_STORE | true | Stores audit records in the database. If you set this property to false, it deletes the audit records. If syslog is added, it continues to push audit records to the syslog server. |
| ENFORCE_NAE_CLIENT_VALIDATION | false | Enforces client validation on the NAE. |
| ENFORCE_NAE_CLIENT_REGISTRATION | false | Enforces that only registered NAE clients perform NAE operations. |
| ENABLE_NAE_CRYPTO_RECORDS | false | Enables logging of NAE crypto audit records. |
| ENABLE_NAE_ACTIVITY_LOGS | false | Enables activity logging for NAE operations. |
| ENABLE_KMIP_ACTIVITY_LOGS | false | Enables activity logging for KMIP operations. |
| ENABLE_CERT_REV_CHECK | true | Checks the client certificates on the NAE/KMIP interface for revocation status. This property is not applicable to user certificate login. For user certificate login, the CRL revocation status is always checked. |

Managing user configurable system properties using ksctl

The following operations can be performed:

  • Get details of a property

  • List all properties

  • Modify a property

  • Reset a property

Getting details of properties

To get details of a property, run:

Syntax

ksctl properties get --name <name of the system configuration>

Example

ksctl properties get --name ENABLE_RECORDS_DB_STORE

Getting list of properties

To list all the configurable system properties, run:

Syntax

ksctl properties list

Updating properties

To modify the value of a property, run:

Syntax

ksctl properties modify --name <property name> --value <value to be set>

Example 1

ksctl properties modify --name ENABLE_RECORDS_DB_STORE --value false

Example 2

ksctl properties modify --name CERT_REV_CHECK_TIMEOUT --value 10

Changes do not take effect immediately. It may take up to 60 seconds for them to apply on the current node as well as on the clustered nodes.
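
The value rules from the property table can be checked before a change is submitted. The following script is an added example, not part of the CipherTrust Manager documentation or of ksctl; the function names lifetime_to_minutes, validate_property and safe_modify are hypothetical, and the only ksctl call used is the modify syntax shown above.

```sh
#!/bin/sh
# Added example: pre-flight checks before `ksctl properties modify`.
# Function names are hypothetical; the rules come from the property table.

# Convert a lifetime such as 300m, 3h or 2h45m to minutes (fails if malformed).
lifetime_to_minutes() {
    rest=$1; total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=$(printf '%s' "$rest" | sed -n 's/^\([0-9][0-9]*\)[mh].*$/\1/p')
        [ -n "$num" ] || return 1
        rest=${rest#"$num"}
        case $rest in h*) factor=60 ;; *) factor=1 ;; esac
        rest=${rest#?}
        num=$(printf '%s' "$num" | sed 's/^0*\(.\)/\1/')  # no octal parsing
        total=$((total + num * factor))
    done
    echo "$total"
}

# Return 0 if VALUE is acceptable for NAME, 1 otherwise; print any findings.
validate_property() {
    name=$1; value=$2
    case $name in
    MAXIMUM_REFRESH_TOKEN_LIFETIME)
        [ -n "$value" ] || { echo "WARN: empty value means infinite lifetime"; return 0; }
        mins=$(lifetime_to_minutes "$value") ||
            { echo "ERROR: use integers with an m or h suffix, e.g. 2h45m"; return 1; }
        [ "$mins" -ge 5 ] || { echo "ERROR: lifetime must be at least 5m"; return 1; } ;;
    CERT_REV_CHECK_TIMEOUT)
        case $value in ''|*[!0-9]*) echo "ERROR: integer 0-600 required"; return 1 ;; esac
        [ "$value" -le 600 ] || { echo "ERROR: maximum is 600 seconds"; return 1; }
        [ "$value" -ne 0 ] || echo "WARN: 0 means revocation requests never time out" ;;
    ALLOW_UNKNOWN_FIELDS|ENABLE_RECORDS_DB_STORE|ENABLE_CERT_REV_CHECK|\
    ENFORCE_NAE_CLIENT_VALIDATION|ENFORCE_NAE_CLIENT_REGISTRATION|\
    ENABLE_NAE_CRYPTO_RECORDS|ENABLE_NAE_ACTIVITY_LOGS|ENABLE_KMIP_ACTIVITY_LOGS)
        case $value in true|false) ;; *) echo "ERROR: true or false required"; return 1 ;; esac
        [ "$name=$value" != ENABLE_RECORDS_DB_STORE=false ] ||
            echo "WARN: false deletes the audit records stored in the database" ;;
    *) echo "ERROR: $name is not in this page's property table"; return 1 ;;
    esac
    return 0
}

# Validate first, then run the modify command exactly as documented above.
safe_modify() {
    validate_property "$1" "$2" || return 1
    ksctl properties modify --name "$1" --value "$2"
}
```

Source the file and call safe_modify with the property name and value in place of running ksctl properties modify directly; warnings do not block the change, errors do.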

Resetting properties

To reset the value of a property to default, run:

Syntax

ksctl properties reset --name <property name>

Example

ksctl properties reset --name ENABLE_RECORDS_DB_STORE