Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Tasks for CAPI

Configuring CADP for C CAPI Properties File

search

Please Note:

Configuring CADP for C CAPI Properties File

This section covers the following topics:

Editing the Properties File

The values in the properties file are case-sensitive. yes is not YES. tcp is not TCP. Follow the example of the default properties file.

You can comment-out values using #. Notice that the properties file is delivered with Cipher_Spec commented-out. You may want to use comments to save settings when troubleshooting. For example, you could store commonly used NAE_IP addresses/hostnames like this:

NAE_IP=10.0.0.2
#NAE_IP=10.0.0.3
#NAE_IP=10.0.0.4

When editing parameters that use time values, you can use the following abbreviations:

  • ms - milliseconds. e.g. 4500ms for 4.5 seconds.

  • s - seconds. e.g. 30s for 30 seconds.

  • m- minutes. e.g. 5m for 5 minutes.

  • h - hours. e.g. 10h for 10 hours.

  • d - days. e.g. 2d for 2 days.

If you do not include an abbreviation, the default time unit is used. For most time-related values, the default is milliseconds. For Symmetric_Key_Cache_Expiry and Persistent_Cache_Expiry_Keys, the default is seconds.

Renaming the Properties File

Although the file is named CADP_CAPI.properties, you can rename the file to any valid name. If you change the name or location of the properties file, make sure to pass the new file name and path in the I_C_Initialize function. CADP for C calls I_C_Initialize to initialize the library.

Modifying Parameters

After you install the client software, you can customize it to meet the need of your environment by modifying the properties file.

Note

If you are upgrading from CADP for C versions prior to 5.1.1 to 6.6.0 or higher, you will notice that the Unreachable_Server_Retry_Period and Maximum_Server_Retry_Period parameters are no longer included in the properties file. These two parameters were available in CADP for C versions prior to 5.1.1.

The Connection_Retry_Interval and Connection_Timeout parameters continue to function in the same way as earlier. You can modify the Connection_Timeout parameter to specify an appropriate time for which a client waits to connect to a CipherTrust Manager before timing out. Specifying a large value for the Connection_Timeout parameter results in delayed switching from one CipherTrust Manager to another.

To achieve the desired Unreachable_Server_Retry_Period, set the Connection_Timeout value using the following formula:

Connection_Timeout = Unreachable_Server_Retry_Period ¸ number of servers in a tier

As trying to connect to an unreachable server again delays the transition to the next tier, the Connection_Timeout value should be large enough to make sure that the server is unreachable.

Likewise, to achieve the desired Maximum_Server_Retry_Period, set the Connection_Timeout value using the following formula:

Connection_Timeout = Maximum_Server_Retry_Period ¸ number of servers in all tiers

Note

The NAE_IP and NAE_Port parameters are used only CipherTrust Manager. The KMIP_Spec_File, KMIP_IP, and KMIP_Port parameters are used only on CipherTrust Manager/KMIP compliant server(s).

Refer to Configuration for details on properties.

On this page