SSL Settings

SSL Settings has two tabs: the General tab and the Extra tab.
  • The General tab settings are required for all SSL transfers.
  • The Extra tab settings are optional and are used only when additional tracing or certificate authorization is required.

General tab

Private Key Password
    The password or passphrase that MFT Platform Server needs to access the private key file for data encryption or decryption. Asterisks are displayed in the box as the password is entered, so the password itself is never shown on screen.

Certificate File
    In the Certificate File text box, enter the drive, path, and file name of the base64 encoded certificate to be used by MFT Platform Server. This certificate is presented when MFT Platform Server is acting as the client. A browse button to the right of the text box lets you locate the file.

Private Key File
    In the Private Key File text box, enter the drive, path, and file name of the base64 encoded private key used when MFT Platform Server decrypts received data. A browse button to the right of the text box lets you locate the file.

Trusted Authority File
    In the Trusted Authority File text box, enter the drive, path, and file name of the base64 encoded file containing the certificates of the trusted certificate authorities (CAs). These CAs must have issued all the certificates used in the platform server deployment; MFT Platform Server accepts a certificate presented by a client only if it was issued by one of these CAs. A browse button to the right of the text box lets you locate the file.

Protocols: SSLV3, TLSV1, TLSV1.1, TLSV1.2
    To define the protocols accepted for SSL transfers, select the check box to the left of each protocol.

Ciphers: OpenSSL Cipher List
    In the OpenSSL Cipher List text box, enter the cipher suite names (as an OpenSSL cipher list) to be used in the client and server TLS negotiation. If the box is left empty, the default OpenSSL TLS ciphers are used. Use the Test button to validate the cipher list.

    Note: For an SSL transfer to succeed, the server and the client must use the same cipher suite.

Extra tab

Enable Trace
    Select this check box to enable tracing. When this check box is selected, the other fields in this section become available. Although SSL tracing is optional, when it is enabled the Initiator Trace File and Responder Trace File fields are required. Tracing should only be turned on at the request of TIBCO Technical Support.

Check Client Certificates
    Select the Check Client Certificates check box if you want to perform client authentication in addition to server authentication. If this check box is not selected, only server authentication is performed. Selecting the Check Client Certificates check box also enables the Authorization File text box in the Server Settings section of this panel. An authorization file can be entered for additional security when Check Client Certificates is selected.

Initiator Trace File
    In the Initiator Trace File text box, enter the drive, path, and file name of the file that receives tracing information when MFT Platform Server acts as the initiator of the transfer. A browse button to the right of the text box lets you locate the file.

Responder Trace File
    In the Responder Trace File text box, enter the drive, path, and file name of the file that receives tracing information when MFT Platform Server acts as the responder of the transfer. A browse button to the right of the text box lets you locate the file.

Authorization File
    To enter an authorization file, first select the Check Client Certificates check box in the Server Settings section. In the Authorization File text box, enter the drive, path, and file name of the file to be used for additional certificate checking. A browse button to the right of the text box lets you locate the file. The authorization file lets you include and exclude certificates based on components of the distinguished name (such as the user name, company, division, and serial number) as well as by date and time. This is an optional component of SSL transfers and can only be used when client authentication is performed (that is, when the Check Client Certificates check box is selected).

Check Remote Certificate
    Select the Check Remote Certificate check box if you want the platform server to check the published Certificate Revocation List (CRL). A CRL is a list of digital certificates, more specifically of the serial numbers of certificates that have been revoked. SSL transfers that rely on a revoked certificate are therefore no longer performed. For more information on CRLs, see RFC 3280 (http://www.ietf.org/rfc/rfc3280.txt).

CRL Directory
    Defines the path where CRL checking looks for the hashed file names.
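The following shell script is an added example, not part of MFT Platform Server or of this documentation: it checks the Certificate File, Private Key File, Private Key Password, Trusted Authority File and OpenSSL Cipher List from the General tab before they are entered in the GUI, and prints the hashed file name the CRL Directory expects for a given CRL. It assumes the OpenSSL command-line tool is installed and that the CRL Directory follows the OpenSSL hash-directory naming convention (<issuer-hash>.r0); the function name mft_ssl_preflight is hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not MFT Platform Server code).
# Usage: mft_ssl_preflight CERT KEY CA_FILE CIPHER_LIST [KEY_PASSWORD] [CRL_FILE]
# Requires the OpenSSL command-line tool. Returns 0 when every check passes.
mft_ssl_preflight() {
    cert=$1 key=$2 ca=$3 ciphers=$4 pass=${5:-} crl=${6:-}
    rc=0

    # 1. Certificate File and Private Key File must be base64 (PEM) encoded and
    #    readable; the Private Key Password is tried against the key here.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 \
        || { echo "FAIL: $cert is not a PEM certificate"; rc=1; }
    openssl pkey -in "$key" -passin "pass:$pass" -noout >/dev/null 2>&1 \
        || { echo "FAIL: $key is not a PEM private key (or wrong password)"; rc=1; }
    [ "$rc" -eq 0 ] || return "$rc"

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -pubkey -noout)
    key_pub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: private key does not match certificate"; rc=1; }

    # 3. The certificate must chain to a CA in the Trusted Authority File.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    # 4. The OpenSSL Cipher List must parse (what the GUI Test button checks).
    openssl ciphers "$ciphers" >/dev/null 2>&1 \
        || { echo "FAIL: invalid cipher list '$ciphers'"; rc=1; }

    # 5. Optional: show the hashed file name the CRL Directory expects for a CRL
    #    (OpenSSL hash-directory convention, assumed here: <issuer-hash>.r0).
    if [ -n "$crl" ]; then
        if h=$(openssl crl -in "$crl" -hash -noout 2>/dev/null); then
            echo "CRL Directory file name: $h.r0"
        else
            echo "FAIL: $crl is not a PEM CRL"; rc=1
        fi
    fi
    return "$rc"
}
```

Run it once with the exact paths and password you intend to enter in the GUI; a non-zero exit means the transfer would fail the TLS handshake before any data is sent.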