CAFILE
|
The name of the file containing the trusted
certificate authority's (CA) certificates. The certificate of the CA that
signed an inbound certificate must reside in this file or in the CAPATH
directory. It is a good idea to store this file on a protected network drive.
If a specified certificate is corrupt, secured transmissions will
fail.
If a certificate is received that is signed by a CA other than the
CA specified by CAFILE, then the CAPATH is searched.
Note: The file name specified may include the path information,
unless a value for parameter CAPATH is specified.
|
Required only for client authentication. |
Required only for server authentication. |
CAPATH
|
The location (path) where the CAFILE resides or
where additional certificates of certificate authorities (CA) reside.
Note: The hash values of the names of the CA certificate files
should be used in this location. Hash names are generated by the OpenSSL tool.
If parameter CAFILE includes location information, the value of
CAPATH should be ".", which is also the CAPATH
default.
|
Required only for client authentication. |
Required only for server authentication. |
CERT_FILE
|
The file containing the participant's digital
certificate. The certificate file may contain the participant's private key. It
is a good idea to store this file on a protected network drive.
Note: The file name specified may include the path information. This
is useful if the certificate is not in the current directory.
|
Always required. |
Required only for client authentication. |
CERT_PSSWD
|
The password for extracting information from the
certificate file specified in the CERT_FILE parameter. It is a good idea to
store this file on a protected network drive.
Note: You can specify a fully qualified file name for this parameter.
In this case, the file name you provide must contain the password.
|
Always required. |
Required only for client authentication. |
KEY_FILE
|
The name of the file containing the server's
private key. This parameter must be specified if the private key is kept
separate from the certificate file. It is a good idea to store this file on a
protected network drive.
Note: The file name specified may include the path information. This
is useful if the certificate is not in the current directory.
|
Always required. |
Required only for client authentication. |
RANDOM_FILE
|
Identifies a text file that contains at least 14
random characters. The random characters in this file are used by the
encryption routines to ensure that encryption itself occurs in a random manner.
Some platforms (such as Solaris) require the use of a random file.
|
Optional |
Optional |
VERIFY
|
The level of certificate verification to
perform. Valid values are:
- 0 (No peer verification occurs.)
- 1 (The application requests that the peer certificate be verified.)
- 2 (The application requests that the peer certificate be verified. A fatal condition occurs if there is no certificate.)
- 4 (The application requests that the peer certificate be verified only once.)
- 8 (The application requests that the issuer name is checked against the host name.)
Values 1, 2, and 4 can be specified in combination. For example,
if you want to specify both 1 and 2, you would add them and set the VERIFY
parameter to "3".
Note: This parameter must be set to "3" if
you are performing client authentication.
|
Use VERIFY=1 to request a client certificate and
verify that it is sent.
Use VERIFY=2 to force the sending of a client certificate.
Use VERIFY=4 to limit the client certificate request to a single
occurrence.
VERIFY=8 is not valid for server processing.
|
Use VERIFY=0 (the C client default) to request a
certificate but proceed even if certificate errors are found.
Use VERIFY=1 to validate the server certificate.
VERIFY=2 is not valid for client processing.
VERIFY=4 is not valid for client processing.
Use VERIFY=8 to validate that the common name of the received
certificate matches the host name specified in the target entry.
|
VERSION
|
The version of SSL to use for processing. Valid
values range from 1 through 4:
|
Optional |
Optional |
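
The VERIFY row above describes an additive flag value with different restrictions for server and client processing. The following is an added example, not code from the product or its documentation, that decodes a VERIFY value and reports settings the table marks as not valid. The names `FLAGS`, `NOT_VALID`, `decode_verify`, `check_verify`, `role` and `client_auth` are hypothetical, and applying the "must be 3" note to the server side only is an assumption.

```python
# Added example: checks a VERIFY value against the rules stated in the VERIFY row.
# All names here are hypothetical; they are not identifiers from the product.
FLAGS = {
    1: "request peer certificate verification",
    2: "fatal if no certificate is presented",
    4: "verify the peer certificate only once",
    8: "check the certificate name against the host name",
}
# Flag values the table marks "not valid" for each side.
NOT_VALID = {"server": (8,), "client": (2, 4)}


def decode_verify(value):
    """Return the flag values (1, 2, 4, 8) that add up to `value`."""
    if not isinstance(value, int) or not 0 <= value <= sum(FLAGS):
        raise ValueError(f"VERIFY={value!r} is not a sum of 1, 2, 4 and 8")
    return [flag for flag in FLAGS if value & flag]


def check_verify(value, role, client_auth=False):
    """Return a list of findings for one VERIFY setting; empty means no issue."""
    findings = []
    for flag in decode_verify(value):
        if flag in NOT_VALID[role]:
            findings.append(f"VERIFY={flag} is not valid for {role} processing")
    # Assumption: the "must be 3" note is applied to the server side, because
    # flag 2 is not valid on the client. The note is followed literally (== 3).
    if role == "server" and client_auth and value != 3:
        findings.append("client authentication requires VERIFY=3")
    if role == "client" and value == 0:
        findings.append("VERIFY=0 proceeds even if certificate errors are found")
    return findings


if __name__ == "__main__":
    # Constructed sample settings: (VERIFY, role, client_auth)
    samples = [(3, "server", True), (1, "server", True), (9, "server", False),
               (0, "client", False), (3, "client", False), (9, "client", False)]
    for value, role, client_auth in samples:
        flags = decode_verify(value)
        print(f"{role:6} VERIFY={value} flags={flags}",
              check_verify(value, role, client_auth) or "ok")
```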