SSL Client Provider

The SSL Client Provider resource template maintains the credentials required by an SSL client.

General

Property Required? Editable? Accepts SVars? Description
Keystore Provider as Trust Store Y Y N The name of a Keystore Provider resource instance that maintains a keystore that confirms an identity.
Enable Access to Trust Store N N N Enable access to a trust credential store.

In order to establish SSL connections certain third-party systems, such as MySQL, require access to a keystore file location. In such situations Administrator provides a copy of the credentials in a keystore which are then written to disk and used by the third party as the SSL credential store.

Default: Checked.

Property Required? Editable? Accepts SVars? Description
Enable Mutual Authentication N Y N Indicate whether the client in the SSL connection will authenticate to the server. When checked, the identity fields are enabled.

Default: Unchecked.

Property Required? Editable? Accepts SVars? Description
Identity Store Provider Y Y N Name of Keystore Provider resource that maintains a keystore used to assert an identity.
Enable Access to Identity Provider N N N Enables access to an identity keystore. To establish SSL connections, certain third-party systems such as MySQL require access to a keystore file location. In such situations Administrator provides a copy of credentials in a keystore, which are then written to disk and used by the third party as the SSL credential store. To prevent Administrator from providing credentials, uncheck the checkbox.

Default: Unchecked.

Key Alias Name Y Y Y Name of the alias used to access the identity.

Default: None.

Key Alias Password Y Y N Password for the alias.

(Administrator only) For superusers, passwords display encrypted. For non-superusers, the password doesn't display even if it was set when it was created. If you have permission to edit the password, you can specify a new value and save. If you edit other fields, the old value for the password field is retained. If you want to set an empty value as password, click the link Set Blank Password.

Advanced

Property Required? Editable? Accepts SVars? Description
SSL Security Provider N Y N Optional. The SSL security provider.
SSL Protocol N Y N The SSL protocol to use in the SSL connection:
  • SSLv3
  • TLSv1

Default: TLSv1.

SSL Cipher Class N Y N The number of bits in the key used to encrypt data:
  • No Exportable Ciphers
  • At Least 128 Bit
  • More Than 128 Bit
  • At Least 256 Bit
  • FIPS Ciphers
  • All Ciphers
  • Explicit Ciphers
The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it would take to break the encryption.

Default: At Least 128 Bit.

Explicit Cipher List N Y Y A list of ciphers. Enabled when SSL Cipher Class is set to Explicit Ciphers. Use the JSSE format for ciphers names.

Default: None

Verify Remote Hostname N N N Indicate whether the name on the server's certificate must be verified against the server's hostname. If the server's hostname is different than the name on the certificate, the SSL connection will fail. The name on the certificate can be verified against another name by specifying Expected Remote Hostname. When checked, the Expected Remote Hostname field is enabled.

Default: Unchecked.

Expected Remote Hostname N Y Y Optional. The expected name of the remote host.

Default: None