Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Configuring CADP_for_JAVA.properties File

Network Configuration Parameters

search

Network Configuration Parameters

ParametersDefaultDescription
NAE_IP.1No defaultThe IP address or the Hostname of the Key Manager. When using load balancing , specify multiple IP addresses/Hostnames separated by colons (:). For example, 192.168.1.10:192.168.1.11:192.168.1.12. These servers must have the same value for the NAE_Port parameter. For IPv6, the IP address is to be specified in curly braces, such as {2002:0dc8:85k3:0000:0000:9a2e:0370:5221}. Also, combination of IPv4 and IPv6 addresses can be used separated by colons (:) provided each IPv6 address is within {}.

— IPv6 is supported for CipherTrust Manager.
— It is recommended to use the hostname in NAE_IP.1 parameter. To use the hostname, map the Key Manager's IP with Hostname in the system's host file. Also, a hostname can have multiple IP addresses.
— When hostnames are specified in the NAE_IP.1 parameter and each hostname have multiple IPs:
— — The IPs at a hostname are randomly selected when new connection to Key Manager is requested. And if a particular IP is not available, it is marked as down for the duration = (the number of IPs returned by DNS resolution when the application first starts * value of Connection_Timeout).
— — The Size_of_Connection_Pool is maintained at the hostname level and not on the number of IPs for the hostname.

NAE_Port9000The port on which the client will communicate with the server. Your client must use the same port as the server.
KMIP_Port5696The port on which the client will communicate with the server. Your client must use the same port as the server.
ProtocolThe protocol used to communicate between the client and the Key Manager. Clients and servers must use the same protocol. Can be either tcp or ssl. The ssl option uses TLSv1.2.

It is recommended to gradually increase security after confirming connectivity between the client and the Key Manager. Once you have established a TCP connection between the client and server, it is safe to move on to SSL. Initially configuring a client under the most stringent security constraints can complicate troubleshooting. You can’t gradually secure the KMIP port, so this approach is not an option on Key Manager.

Ignore_DNS_Resolution_FailureTo ignore DNS Resolution failure at the time of Initialization, set Ignore_DNS_Resolution_Failure to true. This means if DNS resolution fails then initialization does not fail and CT-V fetches the key from the persistent cache, if enabled.
Possible settings:
true: The feature is enabled. So, even on DNS resolution failure or invalid IP, the initialization does not fail.
false: The feature is disabled. On DNS resolution failure the initialization fails. This is the recommended setting.

On this page