SSL Configuration Parameters
Parameter | Default | Description |
---|---|---|
Client_Cert_Alias | No default | The Client_Cert_Alias parameter specifies the client certificate sent to Key Manager when client certificate authentication is enabled. If you have multiple client certificates in a keystore, you might want to specify which client certificate is sent to Key Manager during the SSL handshake. If you do not specify a client certificate in the properties file, the first certificate stored in the keystore is sent to Key Manager. Note: If you specify a Client_Cert_Alias, you must specify a Client_Cert_Passphrase; otherwise, the Key_Store_Password will be used. |
Client_Cert_Passphrase | No default | The Client_Cert_Passphrase parameter specifies the passphrase needed to access the client certificate listed in Client_Cert_Alias. If you specify a value for the Client_Cert_Alias, you should also specify a value for the Client_Cert_Passphrase; otherwise, the keystore password is used. Note: Remember that the properties file is NOT encrypted. Make sure that this file resides in a secure directory and has appropriate permissions so that it is readable only by the appropriate application or user. |
Key_Store_Location | No default | The Key_Store_Location parameter specifies the location of the Java keystore that contains the client certificate. The path can be absolute or relative to your application. Don’t use quotes, even if the path contains spaces. |
Key_Store_Password | No default | The Key_Store_Password parameter specifies the keystore password. Note: Remember that the properties file is NOT encrypted. Make sure that this file resides in a secure directory and has appropriate permissions so that it is readable only by the appropriate application or user. |
CA_File | No default | The CA_File parameter refers to the CA certificate that was used to sign the server certificate presented by the NAE Server to the utility. Possible setting: the path and file name. The path can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. Because all Key Manager servers in a clustered environment must have an identical configuration, all servers in the cluster use the same server certificate. As such, you need to point to only one CA certificate in the CA_File system parameter. If you do not supply the CA certificate that was used to sign the server certificate used by Key Manager servers, the utility cannot establish SSL connections with any of the servers in the cluster. File paths can be absolute or relative. Unless otherwise noted, when prompted for a file, you should specify both a path and file name. If a local CA on Key Manager was used to sign the NAE Server certificate, you can download the certificate for the local CA, and put that certificate on the utility. |
Cert_File | No default | The Cert_File parameter stores the path and file name of the client certificate. This is used only when your SSL configuration requires clients to provide a client certificate to authenticate to Key Manager servers. Possible setting: the path and file name. The path can be absolute or relative to your application. Don’t use quotes, even if the path contains spaces. Client certificates must be PEM encoded. Note: If this value is set, the certificate and private key must be present, even if Key Manager is not configured to request a client certificate. |
Key_File | No default | The Key_File parameter refers to the private key associated with the client certificate specified in the Cert_File parameter. Possible setting: the path and file name. The path can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. The client private key must be in PEM-encoded PKCS#12 format. Because this key is encrypted, you must use the Passphrase parameter so that Key Manager can decrypt it. Note: If this value is set, the certificate and private key must be present, even if Key Manager is not configured to request a client certificate. |
Passphrase | No default | The Passphrase parameter refers to the passphrase associated with the private key. Possible setting: the passphrase associated with the private key named in the Key_File parameter. Caution: If you do NOT provide this passphrase, the client attempts to read the passphrase from standard input; this causes the application to hang. Note: Remember that the properties file is NOT encrypted. Make sure that this file resides in a secure directory and has appropriate permissions so that it is readable only by the appropriate application or user. |
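
The notes and cautions in the table can be checked before deployment. The following is an added example, not part of the product or its documentation: a small auditor that flags the parameter combinations the table warns about and checks that a properties file holding clear-text secrets is not accessible to group or other users. It assumes a `Key=Value` line format with `#` comments and POSIX file permissions; the function names are hypothetical.

```python
import os
import stat

# Parameters whose values are secrets stored in clear text in the properties file.
SECRET_KEYS = ("Client_Cert_Passphrase", "Key_Store_Password", "Passphrase")
PATH_KEYS = ("Key_Store_Location", "CA_File", "Cert_File", "Key_File")


def parse_properties(text):
    """Parse Key=Value lines (assumed format); '#' lines and blanks are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(props, mode=None):
    """Return findings for the SSL parameters; mode is the file's st_mode, if known."""
    def has(key):
        return bool(props.get(key))

    findings = []
    if has("Client_Cert_Alias") and not has("Client_Cert_Passphrase"):
        findings.append("Client_Cert_Alias set without Client_Cert_Passphrase: "
                        "Key_Store_Password will be used")
    if has("Key_File") and not has("Passphrase"):
        findings.append("Key_File set without Passphrase: client reads stdin and hangs")
    if has("Cert_File") != has("Key_File"):
        findings.append("Cert_File/Key_File: certificate and private key must both be present")
    for key in PATH_KEYS:
        if props.get(key, "")[:1] in ('"', "'"):
            findings.append(f"{key} is quoted: paths must not use quotes")
    # The file is not encrypted: if it holds a secret, allow no group/other access.
    if mode is not None and any(has(k) for k in SECRET_KEYS):
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"properties file mode {stat.S_IMODE(mode):o} "
                            "is accessible to group/other")
    return findings


def audit_file(path):
    """Audit a properties file on disk, including its POSIX permissions."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    return audit(props, os.stat(path).st_mode)
```

Call `audit_file()` with the path to your properties file; an empty list means none of these conditions were found.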