SSL Configuration Parameters
Parameter | Default | Recommended | Description |
---|---|---|---|
Passphrase_Encrypted | no | yes | Specifies whether the client certificate passphrase is encrypted using the PassPhraseEncryption method from the PassPhraseSecure class. You can use this obfuscated passphrase in the Passphrase parameter in the properties file. Possible settings in the properties file: • yes - enables the parameter. To enable, set Passphrase_Encrypted=yes. • no - disables the parameter. For more details on the PassPhraseEncryption method, refer to API Definition for PassPhraseEncryption Method. |
Passphrase | No default | | The passphrase used for the client private key when generating the client certificate in the PFX format. This value is required when client certificate authentication is enabled on the NAE server. When ClientCert Location='MSCertStore', Passphrase is not used. It is considered only when Protocol is set to ssl. |
Verify_SSL_Certificate | no | yes | Enables or disables verification of the CipherTrust Manager IP address/host name against the Subject Common Name (CN) or Subject Alternative Name (DNS or IP) in the certificate. Valid values: • yes • no |
Host | blank | blank | This field contains the Common Name or Subject Alternative Name of the Server Certificate on the NAE Server. Valid values: • blank • valid CN/SAN of server certificate Note: • It is recommended to keep the <Host> property blank. It is fetched internally from the server certificate provided by the NAE Server at the time of the SSL handshake. • If the CN/SAN value is different for the server certificates used by multiple NAE servers, the <Host> field must be left blank to make an SSL connection. The <Host> field does not support multiple values. • The <Host> property will be deprecated in a future release. |
ClientCert | No default | | Specifies the location of the client certificate. The client certificate must be in the PFX format. For the Microsoft Cert Store on Windows, set Location='MSCertStore' and pass the thumbprint as the value. For example: <ClientCert Location ='MSCertStore'>ed 16 e0 50 78 7a 0b fb d5 bb 68 19 4c 07 a1 b3 64 5d 9d 1b</ClientCert> If Location='File', it works on all platforms, including Windows. For example: <ClientCert Location ='File'>C:\Certificates\clientcred.pfx</ClientCert> ClientCert is required when client certificate authentication is enabled on the NAE server. It is considered only when Protocol is set to ssl. |
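
A small audit of the settings in the table above, added here as an example and not part of the product or its documentation: it flags values that differ from the Recommended column and a passphrase left in the file where the table says it is not used. The file layout (one setting per line, written either as name=value or as <Name ...>value</Name>, the two notations this page uses), the function names, and the sample values are assumptions.

```python
import re

# Defaults as listed in the table above; the file layout parsed here is an assumption.
DEFAULTS = {"Passphrase_Encrypted": "no", "Verify_SSL_Certificate": "no", "Host": ""}
KV = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")
ELEM = re.compile(r"^\s*<(\w+)((?:\s+\w+\s*=\s*'[^']*')*)\s*>(.*?)</\1>\s*$")
ATTR = re.compile(r"(\w+)\s*=\s*'([^']*)'")

def parse(text):
    """Collect setting values and element attributes from either notation."""
    values, attrs = dict(DEFAULTS), {}
    for line in text.splitlines():
        m = ELEM.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
            attrs[m.group(1)] = dict(ATTR.findall(m.group(2)))
        elif (m := KV.match(line)):
            values[m.group(1)] = m.group(2)
    return values, attrs

def audit(text):
    """Return (parameter, finding) pairs for settings that go against the table."""
    v, attrs = parse(text)
    out = []
    if v["Verify_SSL_Certificate"].lower() != "yes":
        out.append(("Verify_SSL_Certificate", "server name is not checked against certificate CN/SAN"))
    if v["Host"]:
        out.append(("Host", "recommended blank; value is taken from the server certificate"))
    # Passphrase and ClientCert are considered only when Protocol is ssl.
    if v.get("Protocol", "").lower() == "ssl" and v.get("Passphrase"):
        if attrs.get("ClientCert", {}).get("Location") == "MSCertStore":
            out.append(("Passphrase", "not used with MSCertStore but still present in the file"))
        elif v["Passphrase_Encrypted"].lower() != "yes":
            out.append(("Passphrase_Encrypted", "passphrase is stored without obfuscation"))
    return out

# Constructed sample files; host name and passphrase values are placeholders.
WEAK = r"""Protocol=ssl
Verify_SSL_Certificate=no
<Host>nae.example.internal</Host>
Passphrase=constructed-sample
<ClientCert Location ='File'>C:\Certificates\clientcred.pfx</ClientCert>"""
HARDENED = r"""Protocol=ssl
Verify_SSL_Certificate=yes
<Host></Host>
Passphrase_Encrypted=yes
Passphrase=OBFUSCATED-PLACEHOLDER
<ClientCert Location ='File'>C:\Certificates\clientcred.pfx</ClientCert>"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

A file that omits Verify_SSL_Certificate or Passphrase_Encrypted is audited with the defaults from the table, so missing settings are reported the same way as explicit no values.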