spdsserv.parm Options for TLS

The following options are supported in the spdsserv.parm server parameter file to configure secure sockets communication on SPD Server. The options are dependent on the host environment. The server authentication options must be set to enable basic secure sockets communication.

Server Authentication Options

The following option enables secure sockets communication on both UNIX and Windows SPD Server hosts.
SSLSECURE= NO | PREFERRED | YES
Specifies how TLS is used by SPD Server. The default value is NO, which specifies that client connections are not secured. To enable secure sockets communication, specify YES or PREFERRED. YES specifies that the server requires a secure client connection. A client that is not configured for TLS cannot connect to SPD Server. PREFERRED specifies that a secure connection is made if the client has TLS configured. Clients that are not configured for TLS can connect, but these connections are not secure. For more information, see SSLSECURE= Parameter File Option.
UNIX:
These options configure the certificates, public key, and private key on a UNIX SPD Server host:
SSLALLOWUNXDS
Specifies whether TLS or UNIX domain sockets are used to secure data communication between clients that are on the same host as SPD Server. The default value, NOSSLALLOWUNXDS, specifies to use TLS for both local and remote client/server data communications. For more information, see SSLALLOWUNXDS Parameter File Option.
SSLCALISTLOC=
Specifies the location of the public certificate or certificates for trusted certificate authorities (CA). This option is required to enable TLS. For more information, see SSLCALISTLOC= Parameter File Option.
SSLCERTLOC=
Specifies the location of the digital certificate for the machine's public key. This option is required to enable TLS. For more information, see SSLCERTLOC= Parameter File Option.
SSLPKCS12LOC=
(Optional) Specifies the location of the PKCS #12 encoding package file. When SSLPKCS12LOC= is set, SSLCERTLOC= and SSLPVTKEYLOC= are ignored. For more information, see SSLPKCS12LOC= Parameter File Option.
SSLPKCS12PASS=
Used with SSLPKCS12LOC=, specifies the password that TLS requires for decrypting the private key. For more information, see SSLPKCS12PASS= Parameter File Option.
SSLPVTKEYLOC=
Specifies the location of the private key that corresponds to the digital certificate. This option is required to enable TLS. For more information, see SSLPVTKEYLOC= Parameter File Option.
SSLPVTKEYPASS=
Used with SSLPVTKEYLOC=, specifies the password that TLS requires for decrypting the private key. For more information, see SSLPVTKEYPASS= Parameter File Option.
Windows:
These options configure certificates for a Windows SPD Server host:
SSLCERTISS=
Specifies the name of the issuer of the digital certificate that TLS should use. For more information, see SSLCERTISS= Parameter File Option.
SSLCERTSERIAL=
Used with SSLCERTISS=, specifies the serial number of the digital certificate that TLS should use. For more information, see SSLCERTSERIAL= Parameter File Option.
SSLCERTSUBJ=
Specifies the subject name of the digital certificate that TLS should use. Use either SSLCERTISS= with SSLCERTSERIAL=, or SSLCERTSUBJ=. Do not specify both. For more information, see SSLCERTSUBJ= Parameter File Option.

Client Authentication Options

SSLCLIENTAUTH | NOSSLCLIENTAUTH
Specifies whether the server should verify the client’s certificate in addition to the server’s certificate. The default is NOSSLCLIENTAUTH. For more information, see SSLCLIENTAUTH Parameter File Option.
SSLCRLCHECK
Specifies that a Certificate Revocation List (CRL) is checked when a digital certificate is validated. The default value is NOSSLCRLCHECK. For more information, see SSLCRLCHECK Parameter File Option.
SSLCRLLOC=
Specifies the location of a Certificate Revocation List (CRL). Used in conjunction with SSLCRLCHECK. For more information, see SSLCRLLOC= Parameter File Option.
SSLREQCERT=
Specifies the protocol for exchanging digital certificates at your site. The valid values are ALLOW, DEMAND, NEVER, or TRY. Used in conjunction with SSLCLIENTAUTH. For more information, see SSLREQCERT= Parameter File Option.
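The dependencies between these options can be checked before the server is started. The following linter is an added example, not SAS code: `parse_parm` and `lint_tls` are hypothetical names, the sample paths are placeholders, and it assumes the parameter file consists of semicolon-terminated `NAME=value;` or `NAME;` statements with `/* ... */` comments.

```python
import re

def parse_parm(text):
    """Parse option statements. ASSUMPTION: 'NAME=value;' or 'NAME;' statements,
    semicolon-terminated, with /* ... */ comments; adjust to your file's syntax."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    opts = {}
    for stmt in text.split(";"):
        stmt = stmt.strip()
        if stmt:
            name, _, value = stmt.partition("=")
            opts[name.strip().upper()] = value.strip().strip("'\"")
    return opts

def lint_tls(opts, host="unix"):
    """Return findings derived from the option descriptions on this page."""
    findings = []
    mode = opts.get("SSLSECURE", "NO").upper()
    if mode == "NO":
        return ["SSLSECURE=NO (default): client connections are not secured"]
    if mode == "PREFERRED":
        findings.append("SSLSECURE=PREFERRED: clients without TLS still connect unsecured")
    if host == "unix":
        if "SSLCALISTLOC" not in opts:
            findings.append("SSLCALISTLOC= missing: required to enable TLS")
        if "SSLPKCS12LOC" in opts:  # the PKCS #12 file replaces the cert/key pair
            findings += [f"{o}= is ignored because SSLPKCS12LOC= is set"
                         for o in ("SSLCERTLOC", "SSLPVTKEYLOC") if o in opts]
        else:
            findings += [f"{o}= missing: required to enable TLS"
                         for o in ("SSLCERTLOC", "SSLPVTKEYLOC") if o not in opts]
    elif "SSLCERTSUBJ" in opts and ("SSLCERTISS" in opts or "SSLCERTSERIAL" in opts):
        findings.append("SSLCERTSUBJ= combined with SSLCERTISS=/SSLCERTSERIAL=: use one or the other")
    if "SSLCRLLOC" in opts and "SSLCRLCHECK" not in opts:
        findings.append("SSLCRLLOC= set but SSLCRLCHECK is off (default NOSSLCRLCHECK)")
    if "SSLREQCERT" in opts and "SSLCLIENTAUTH" not in opts:
        findings.append("SSLREQCERT= set but SSLCLIENTAUTH is off (default NOSSLCLIENTAUTH)")
    return findings

# Constructed sample file for illustration; all paths are placeholders.
SAMPLE = """
/* constructed example */
SSLSECURE=PREFERRED;
SSLCALISTLOC=/placeholder/ca.pem;
SSLCERTLOC=/placeholder/server.pem;
SSLCRLLOC=/placeholder/crl.pem;
SSLREQCERT=DEMAND;
"""
```

Calling `lint_tls(parse_parm(SAMPLE))` reports the PREFERRED fallback, the missing private key, and the CRL and SSLREQCERT= settings that have no effect without their companion options; pass `host="windows"` to check the certificate-selection options instead.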
Last updated: February 3, 2017