BW 5 SSL Properties

问:

没有RootCA如何通过证书验证?  No Way yet !

问:

没有中间子证书但是有RootCA如何通过证书验证:

java.property.com.tibco.security.NoExplicitCAChain=true


All the properties worthy tests are like below:

-------------------------------------------------------------------------------------

 java.property.com.tibco.security.NoExplicitCAChain=true

 java.property.com.tibco.security.CheckRevocation=true

 java.property.com.tibco.security.EntrustLast=true

 java.property.TIBCO_SECURITY_VENDOR=j2se

-------------------------------------------------------------------------------------

Please find the answers inline.

1. Our goal is to keep only root CA certificate in the trust folder and remove all server/client cert and intermediate certs. Can we accomplish this by setting the below property in the bw app .tra file?

java.property.com.tibco.security.NoExplicitCAChain=true

Yes, in general BW has an explicit trust model. i.e. client would only establish an SSL connection if it was able to verify a full chain of trust from the server's certificate to a  root certificate. By setting NoExplicitCAChain to true, we can work around the explicit model, which will not require the full certificate chain to be present.

2. What is the benefit of the below property?

#enable revocation checks

java.property.com.tibco.security.CheckRevocation=true

-------------------------------------------------------------------------------------

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容