Parameter: ssl_reqClientAuth

Startup parameters change the behavior of the Service Manager server. You can always set a startup parameter from the server's operating system command prompt.

Parameter

ssl_reqClientAuth

Description

This parameter defines whether the Service Manager server requires a signed certificate with every incoming client request. Enable this parameter to limit access to the Service Manager server to only those clients that present signed certificates.

When this parameter is enabled, clients can no longer connect to the Service Manager server using the server's certificate for anonymous SSL. Each client must have its own signed certificate. If you enable this parameter with the value ssl_reqClientAuth:2, the server, in addition to requiring client certificates, validates each client certificate against the list of trusted clients defined by the ssl_trustedClientsJKS parameter, and only allows connections from clients with certificates in that list. Using ssl_trustedClientsJKS with the value ssl_reqClientAuth:2 is required when using the Trusted Sign-On features of Service Manager (trustedsignon:1).

Valid if set from

Server's operating system command prompt

Initialization file (sm.ini)

Requires restart of the Service Manager server?

No

Default value

0

Possible values

0 (Disable)

1 (Enable – require client certificates)

2 (Enable – require client certificates and require clients to be on the list of trusted clients)

Example usage

Command line: sm -httpPort:13080 -ssl_reqClientAuth:1

Initialization file: ssl_reqClientAuth:1
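
The following check is an added example, not part of the product documentation or the product's own tooling: it reads sm.ini text and reports settings that conflict with the rules described above for ssl_reqClientAuth, ssl_trustedClientsJKS and trustedsignon. It assumes one name:value entry per line with # comments; the function names and the keystore file name are hypothetical.

```python
# Added example: audit sm.ini text against the ssl_reqClientAuth rules above.
# Assumptions: one "name:value" entry per line, "#" starts a comment,
# and a repeated parameter takes its last value.
VALID_MODES = {"0", "1", "2"}


def parse_sm_ini(text):
    """Return {parameter: value} from sm.ini-style text."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        params[name.strip()] = value.strip()
    return params


def audit_client_auth(text):
    """Return a list of findings; an empty list means the settings agree."""
    p = parse_sm_ini(text)
    mode = p.get("ssl_reqClientAuth", "0")  # documented default is 0
    trusted_jks = p.get("ssl_trustedClientsJKS", "")
    tso = p.get("trustedsignon", "0") == "1"  # treated as off when absent
    if mode not in VALID_MODES:
        return [f"ssl_reqClientAuth:{mode} is not one of 0, 1, 2"]
    findings = []
    if mode == "0":
        findings.append("ssl_reqClientAuth is 0: client certificates are not required")
    if (mode == "2" or tso) and not trusted_jks:
        findings.append("ssl_trustedClientsJKS is not set: no trusted clients list")
    if tso and mode != "2":
        findings.append("trustedsignon:1 requires ssl_reqClientAuth:2")
    return findings


# Constructed sample files; the keystore file name is a placeholder.
WEAK = "trustedsignon:1\nssl_reqClientAuth:1\n"
HARDENED = (
    "trustedsignon:1\n"
    "ssl_reqClientAuth:2  # certificates plus trusted clients list\n"
    "ssl_trustedClientsJKS:trustedclients.keystore\n"
)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_client_auth(cfg) or "consistent")
```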
