SSL Server Configuration

You can specify SSL parameters for the HTTP connection here.

General

The following are the fields in the SSL Server Configuration for the HTTP connector.

The General section has the following fields.

Field Description
Package The name of the package in which you want to create a shared resource.
Name The name of the shared resource.
Description A short description of the shared resource.

Basic SSL Server Configuration

This contains the following fields.

Field Module Property Description
Identity Store Provider No Used to provide identity store.
Key Alias Name Yes The name of the alias used to access the identity.
Key Alias Password Yes The password for the alias.
Enable Mutual Authentication No Indicates whether the client in the SSL connection authenticates to the server. Selecting this check box displays the identity fields.
Client Auth Type No Select the type of client authentication from the drop-down list. The available types are:
  • optional
  • required
Keystore Provider as Trust Store No The name of a keystore provider resource instance that maintains a keystore that confirms an identity.

Advanced SSL Server Configuration

Use the following fields for advanced SSL server configuration.

Field Module Property Description
SSL Security Provider Yes Optional. The SSL security provider.
Note: This is the name for the JSSE's cryptographic provider implementing SSLContext. If you are using non-default providers, such as PDCS#11 ones, you might want to override it.
SSL Protocol No The SSL protocol to use in the SSL connection. Select from the following options:
  • TLSv1
  • TLSv1.1
  • TLSv1.2
  • SSLv3 – Use of this protocol is discouraged.

The default value is TLSv1.

Selecting a protocol implies the support of higher versions as well.

SSL Cipher Class No The number of bits in the key used to encrypt data:
  • No Exportable Ciphers
  • All Ciphers
  • At Least 128 Bit
  • More Than 128 Bit
  • At Least 256 Bit
  • FIPS Ciphers
  • Explicit Ciphers
Explicit Cipher List Yes A list of ciphers. Enabled when SSL Cipher Class is set to Explicit Ciphers. Use the JSSE format for ciphers names.
Verify Remote Host Name No Indicates whether the name on the server's certificate must be verified against the server's host name.

If the server's host name is different than the name on the certificate, the SSL connection fails. You can verify the name on the certificate against another name by specifying Expected Remote Hostname.

Selecting this check box displays the Expected Remote Hostname field.

Default: This check box is deselected.

Expected Remote Hostname Yes Optional. The expected name of the remote host.

The default is None.