Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- SSL parameters
- Parameter: acceptsharedcert
- Parameter: cacsignon
- Parameter: ciphers
- Parameter: fipsmode
- Parameter: keystoreFile
- Parameter: keystorePass
- Parameter: keystoreType
- Parameter: onewayssl4ws
- Parameter: ssl
- Parameter: sslConnector
- Parameter: sslEnabledProtocols
- Parameter: ssl_reqClientAuth
- Parameter: ssl_trustedClientsJKS
- Parameter: ssl_trustedClientsPwd
- Parameter: trustedsignon
- Parameter: truststoreType
- Web Parameter: cacerts
- Web parameter: CACLogin
- Web parameter: secureLogin
- Web Parameter: ssl
- Web parameter: sslPort
Parameter: acceptsharedcert
Startup parameters change the behavior of the Service Manager server. You can always set a startup parameter from the server's operating system command prompt.
Parameter
acceptsharedcert
Description
This parameter defines how the Service Manager server handles signed SSL certificates from incoming client requests in a Trusted Sign-On configuration.
Caution This functionality works only for the Service Manager Windows and web clients; it does not work for web service client connections, such as Service Request Catalog (SRC), Mobility, and other third-party web service integrations.
When this parameter is set to 0 (default), the Service Manager server validates the signed SSL client certificates by using standard best practices. The validation procedure is described in Secure Sockets Layer (SSL) encryption and server certificates.
Note We recommend that you run the Service Manager server with the default value set for this parameter (acceptsharedcert:0), as it is the most secure mode of operation. Before you modify the default behavior, consider the following alternative workarounds:
-
Do not use the Service Manager Windows client. Instead, use only the Service Manager web tier, as it does not incur the additional maintenance overhead or complexity that is associated with managing numerous signed client SSL certificates.
-
If you must use the Service Manager Windows client in your environment, consider limiting the distribution of this client to a small number of users. This minimizes the additional overhead costs associated with managing numerous Service Manager Windows clients and their unique signed client SSL certificates.
-
Use as many Service Manager Windows clients as are needed, but disable Trusted Sign-On functionality for these users. This eliminates the requirement to generate unique signed client SSL certificates.
When the parameter is enabled (acceptsharedcert:1), the Service Manager server allows Trusted Sign-On connections by using a so-called "shared certificate." TheService Manager server validates the shared certificate using only the following checks:
- Whether the certificate is issued by a trusted certificate authority
- Whether the Common Name attribute of the certificate is in the Service Manager Server's trusted clients keystore
This parameter is provided primarily for use in customer environments where the following conditions are true:
- There is a requirement to allow access to Service Manager through Trusted Sign-On for a large number of Service Manager Windows clients.
- Creating and maintaining the required signed SSL client certificates adds too much maintenance overhead and complexity to IT operations.
By using acceptsharedcert:1, only one client SSL certificate (the "shared certificate") needs to be created and maintained. This significantly minimizes the maintenance overhead costs and complexity that are associated with managing signed SSL client certificates. However, bear in mind the following considerations:
- You must still copy and distribute the shared certificate to individual Service Manager Windows clients before you can successfully use Trusted Sign-On access.
- By using acceptsharedcert:1 you will have minimized your maintenance overhead and complexity of your IT operations at the cost of reduced security in Service Manager. This is due to the two simple "shared certificate" validation checks that the Service Manager server performs when it runs with acceptsharedcert:1. Running the Service Manager server with the recommended default value for the acceptsharedcert parameter provides the most secure method for enabling Trusted Sign-On features because the Service Manager server performs additional validation checks against the client SSL certificate. It is also possible, though unlikely, that if a malicious user obtains the "shared certificate" that user may be able to gain unauthorized access to Service Manager if they can then also defeat the NTLM-based implementation of Trusted Sign-On on the Service Manager Windows client.
Valid if set from
Server's operating system command prompt
Initialization file (sm.ini)
Requires restart of the Service Manager server?
Yes
Default value
0
Possible values
0 (Disabled)
1 (Enabled)
Example usage
Command line: sm -httpPort:13080 -acceptsharedcert:1
Initialization file: acceptsharedcert:1
Related topics
Trusted sign-on
Enter a parameter in the sm.ini file
SSL parameters
Requirements for trusted sign-on
Parameter: ssl_reqClientAuth