SSL Configuration Parameters
Parameter | Default | Description |
---|---|---|
Client_Cert_Alias | First certificate in the keystore | The client certificate sent to the Key Manager when client certificate authentication is enabled. If you have multiple client certificates in a keystore, you might want to specify which client certificate is sent to the Key Manager during the SSL handshake. If you do not specify a client certificate, either in the properties file or programmatically, the first certificate in the keystore is sent to the Key Manager. |
Client_Cert_Passphrase | Keystore password | The passphrase needed to access the client certificate listed in Client_Cert_Alias. If you specify a value for Client_Cert_Alias, you should also specify a value for Client_Cert_Passphrase; otherwise the keystore password is used. Remember that the properties file is NOT encrypted. Make sure that this file resides in a secure directory and has appropriate permissions so that it is readable only by the appropriate application or user. |
Key_Store_Location | | The location of the Java keystore that contains the client certificate. The path can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. |
Key_Store_Password | | The keystore password. Remember that the properties file is NOT encrypted. Make sure that this file resides in a secure directory and has appropriate permissions so that it is readable only by the appropriate application or user. |
CA_File | | The CA certificate that was used to sign the server certificate presented by the NAE Server to the client. The path specified for this parameter can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. Because all Key Manager servers in a clustered environment must have an identical configuration, all servers in the cluster use the same server certificate. As such, you need to point to only one CA certificate in the CA_File parameter. If you do not supply the CA certificate that was used to sign the server certificate used by the Key Manager servers, your client applications cannot establish SSL connections with any of the servers in the cluster. |
Cert_File | | The path and file name of the client certificate. This is used only when your SSL configuration requires clients to provide a client certificate to authenticate to the Key Manager servers. The path specified for this parameter can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. Client certificates must be PEM-encoded. If this value is set, the certificate and private key must both be present, even if Key Manager is not configured to request a client certificate. |
Key_File | | The private key associated with the client certificate specified in the Cert_File parameter. The path specified for this parameter can be absolute or relative to your application. Do not use quotes, even if the path contains spaces. The client private key must be in PEM-encoded PKCS#12 format. If this value is set, the certificate and private key must both be present, even if Key Manager is not configured to request a client certificate. |
Passphrase | | Passphrase to unlock the client private key specified in the Key_File parameter. This value is required when client certificate authentication is enabled. Since the value is stored in clear text, this properties file must have its permissions restricted so that it can be read only by the applications that are to have legitimate access to it. |
Credentials_Encrypted | no | Indicates that the Key Manager username and password are encrypted using PassphraseUtility. Possible values are yes and no. The default is no. If the value is set to yes and the obfuscated string is invalid, the application throws an error. |
Passphrase_Encrypted | no | Indicates that the Client_Cert_Alias and Client_Cert_Passphrase parameters are encrypted using PassphraseUtility. Possible values are yes and no. The default is no. |
SysLog_SSLKeystore | cacerts in JRE_HOME/lib/security | To enable SSL for logging to the SysLog server, set SysLog_SSLKeystore to the location of the keystore/truststore containing the SysLog server certificates and CA certificates. If SysLog_SSLKeystore is not specified and SSL is selected in the SysLog_Protocol parameter, the default cacerts keystore from JRE_HOME/lib/security is used. |
SysLog_SSLKeystorePassword | Default cacerts password | To enable SSL for logging to the SysLog server, set SysLog_SSLKeystorePassword to the password of the keystore/truststore containing the SysLog server certificates and CA certificates. If SysLog_SSLKeystore is not specified, the default password of the cacerts keystore is used. If client-side authentication is used to establish the SSL connection to the SysLog server, the passphrase of the private key associated with the client certificate must be the same as the one specified in the |
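Because several of these parameters hold clear-text secrets and the table imposes rules that the client only reports at handshake time (unquoted paths, Cert_File and Key_File set together, yes/no flags), an added example follows: a small Python pre-flight check of a properties file against those rules. It is not part of this reference or of the client library; it assumes the file is plain `key=value` lines with `#` comments, and the sample file content is constructed.

```python
import os
import stat

# Constructed sample properties file with several deliberate mistakes (not from the page).
SAMPLE = """\
# constructed example
Key_Store_Location="C:\\keys\\client.jks"
Key_Store_Password=changeit
Client_Cert_Alias=client1
Cert_File=/etc/app/client.pem
Credentials_Encrypted=maybe
CA_File=/etc/app/ca.pem
"""

PATH_KEYS = ("Key_Store_Location", "CA_File", "Cert_File", "Key_File", "SysLog_SSLKeystore")
SECRET_KEYS = ("Key_Store_Password", "Client_Cert_Passphrase", "Passphrase", "SysLog_SSLKeystorePassword")


def parse_properties(text):
    """Parse 'key=value' lines; blank lines and '#' comments are ignored (assumed format)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def lint_ssl_properties(props, mode=None):
    """Return findings for the documented rules; 'mode' is the file's st_mode, if known."""
    findings = []
    for key in PATH_KEYS:  # paths must not be quoted, even when they contain spaces
        if props.get(key, "")[:1] in ('"', "'"):
            findings.append(f"{key}: path is quoted; quotes are not allowed")
    if ("Cert_File" in props) != ("Key_File" in props):  # both or neither
        findings.append("Cert_File and Key_File must both be set")
    if "Client_Cert_Alias" in props and "Client_Cert_Passphrase" not in props:
        findings.append("Client_Cert_Alias set without Client_Cert_Passphrase; keystore password will be used")
    for key in ("Credentials_Encrypted", "Passphrase_Encrypted"):  # yes/no flags, default no
        if props.get(key, "no").lower() not in ("yes", "no"):
            findings.append(f"{key}: value {props[key]!r} is not yes/no")
    has_secret = any(k in props for k in SECRET_KEYS)
    if mode is not None and has_secret and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file holds clear-text secrets but is group/world accessible")
    return findings


def lint_file(path):
    """Lint a properties file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as f:
        return lint_ssl_properties(parse_properties(f.read()), os.stat(path).st_mode)
```

On the sample, `lint_ssl_properties(parse_properties(SAMPLE), 0o644)` reports the quoted keystore path, the missing Key_File, the missing Client_Cert_Passphrase, the bad Credentials_Encrypted value and the permissive mode.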