SSL Configuration Parameters
Parameters | Default | Description |
---|---|---|
Key_Store_Location | no default | Location of the Java keystore that contains the client certificate. The path can be absolute or relative to your application. Don’t use quotes, even if the path contains spaces. |
Key_Store_Password | no default | Password of the keystore. |
CA_File | no default | CA certificate that was used to sign the server certificate presented by the CipherTrust Manager to the client. The path specified for this parameter can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. All Key Managers in a clustered environment must have an identical configuration, and thus use the same server certificate. You need to point to only one CA certificate in the CA_File system parameter. If you do not supply the CA certificate, your client applications cannot establish SSL connections with any of the servers in the cluster. |
Cert_File | | The client certificate to be presented to the NAE server. This value is required when client certificate authentication is enabled on the NAE server. The certificate must be specified in the .PEM format. If this value is set, the certificate and private key must be present even if the NAE server is not configured to request a client certificate. You should provide the path and file name of the client certificate. The path can be absolute or relative to the application. Do not use quotes when specifying the path, even if it contains spaces. |
Key_File | no default | The private key associated with the client certificate specified in the Cert_File parameter. The client private key must be in PEM-encoded PKCS#12 format. The path specified for this parameter can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. If this value is set, the certificate and private key must be present, even if Key Manager is not configured to request a client certificate. |
Passphrase | no default | This value is required when client certificate authentication is enabled on the NAE server. Since its value is provided as plaintext, the properties file must have read-only permission for the applications. When ClientCert Location=MSCertStore, this Passphrase is not used. In that case, it should be left blank. |
Credentials_Encrypted | no | This parameter indicates that the Key Manager username and password are encrypted using PassphraseUtility. If the value is set to yes and an invalid obfuscated string is set, the application throws an error. Possible settings: yes, no. |
Passphrase_Encrypted | no | This parameter indicates that the client certificate passphrase and keystore password are encrypted using Passphrase or PassphraseUtility. If the Key_File parameter is also enabled/used, the passphrase of the client private key is also encrypted. Possible settings: yes, no. |
Client_Cert_Alias | no default | The client certificate sent to the Key Manager when client certificate authentication is enabled. If you have multiple client certificates in a keystore, you might want to specify which client certificate is sent to the Key Manager during the SSL handshake. If you do not specify a client certificate, either in the properties file or programmatically, the first certificate in the keystore is sent to the Key Manager. |
Client_Cert_Passphrase | no default | The passphrase needed to access the client certificate listed in Client_Cert_Alias. If you specify a value for the Client_Cert_Alias, you should also specify a value for the Client_Cert_Passphrase, otherwise the keystore password is used. |
SysLog_SSLKeystore | no default | To enable the SSL protocol for logging on the SysLog Server, set the SysLog_SSLKeystore parameter to the location of the keystore/truststore containing the SysLog server certificates and CA certificates. If the user does not specify the SysLog_SSLKeystore parameter and uses SSL in the SysLog_Protocol parameter, the keystore cacert from JRE_HOME/lib/security is used by default. |
SysLog_SSLKeystorePassword | no default | To enable the SSL protocol for logging on the SysLog Server, set the SysLog_SSLKeystorePassword parameter to the password of the keystore/truststore containing the SysLog server certificates and CA certificates. If the user does not specify the SysLog_SSLKeystore parameter, the default password of the keystore cacert is used. |
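
Several rules in the table above (no quoted paths, Cert_File and Key_File set together, a CA_File always present, plaintext secrets only in a read-only file) can be checked before deployment. The Python linter below is an added example, not part of the product or its documentation; it assumes the properties file uses plain `key=value` lines, and the finding codes, the sample values and the group/other-access check are this example's own.

```python
import os
import stat

PATH_KEYS = ("Key_Store_Location", "CA_File", "Cert_File", "Key_File")
SECRET_KEYS = ("Key_Store_Password", "Passphrase", "Client_Cert_Passphrase")
SAMPLE = """\
# constructed sample, not a real deployment
Key_Store_Location="conf/client keystore.jks"
Key_Store_Password=changeit
Cert_File=conf/client.pem
Client_Cert_Alias=app1
Passphrase_Encrypted=no
"""

def parse_properties(text):
    """Parse simple key=value lines; lines starting with # or ! are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text, mode):
    """Return sorted finding codes for properties text and its permission bits."""
    props = parse_properties(text)
    findings = set()
    plaintext = props.get("Passphrase_Encrypted", "no").lower() != "yes"
    if plaintext and any(props.get(k) for k in SECRET_KEYS):
        if mode & 0o222:  # table: file must be read-only
            findings.add("PLAINTEXT_SECRET_FILE_WRITABLE")
        if mode & 0o077:  # assumption of this example, stricter than the table
            findings.add("PLAINTEXT_SECRET_GROUP_OTHER_ACCESS")
    if bool(props.get("Cert_File")) != bool(props.get("Key_File")):
        findings.add("CERT_AND_KEY_MUST_BOTH_BE_SET")
    if any(props.get(k, "")[:1] in ("'", '"') for k in PATH_KEYS):
        findings.add("QUOTED_PATH")
    if not props.get("CA_File"):
        findings.add("CA_FILE_MISSING")
    if props.get("Client_Cert_Alias") and not props.get("Client_Cert_Passphrase"):
        findings.add("ALIAS_FALLS_BACK_TO_KEYSTORE_PASSWORD")
    return sorted(findings)

def audit_file(path):
    """Audit a properties file on disk using its real permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print(audit(SAMPLE, 0o644))
```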