Use this page to specify the security settings to be used with this Directory Server.
- Enabled
- Check this to specify that the directory server will use a TLS connection.
- TLS Port
- The port the directory server will use for TLS connections.
- Use Custom Certificates
- If this is not checked, the default DemoCA root certificate, server certificate, keyfile and passphrase that are installed
with the product will be used. For production purposes,
Micro Focus recommends that the default certificates are not used, and that the customer's own certificates are specified. In addition,
the MF_ROOT_CERT environment variable will need to be set so that the MF directory server process can pick up the value of
the root certificate path.
- Certificate File
- Specifies the absolute path to the certificate file (.pem). If multiple certificates are used, separate the paths with a semicolon ';'.
- Keyfile
- Specifies the absolute path to the keyfile (.pem).
- Keyfile Password
- Specify the password for the keyfile here. If multiple keyfiles are used, separate the passwords with four colons '::::'.
ADVANCED
- Certificate Password
- If the certificate is locked with a password, specify it here. If multiple certificates are used, then separate the passwords
with two colons '::'.
- Honor Server Cipher List
- By default, the Honor Server Cipher List is checked. This forces clients to use the protocols and cipher suites specified
in order of their priority.
- Protocols
- The list of TLS protocols to be used, in order of precedence. Each specified protocol is preceded by one of the following
operators:
- !
- Exclude. Permanently exclude the protocol and ignore any subsequent attempt to add the protocol back in.
- +
- Add. Add the protocol to the existing collection.
- -
- Delete. Delete the protocol from the existing collection.
For example, to only use TLS1.1 and TLS1.2, type:
-ALL+TLS1.1+TLS1.2
Note: The Protocols field now supports TLS1.3.
- Cipher Suites
- Specifies the priority of cipher suites to be used. The cipher suite priority is formed using a combination of keywords and
keyword modifiers for a space-separated string:
- !
- Exclude. Permanently exclude the cipher suite and ignore any subsequent attempt to add the cipher suite back in.
- +
- Add. Add the cipher suite to the end of the collection.
- -
- Delete. Delete the cipher suite from the existing collection.
By default, the following cipher suite list is used:
kEECDH+ECDSA kEECDH kEDH HIGH MEDIUM +3DES +SHA !RC4 !aNULL !eNULL !LOW !MD5 !EXP
- Diffie-Hellman Minimum Group Size
- Specifies the size in bits of the modulus length of the Diffie-Hellman group:
- Default
- 512 bit
- 1024 bit
- 2048 bit
- 4096 bit
Note: Micro Focus recommends a minimum modulus size of 2048 bits.
- Key Exchange Cipher Groups
- The key exchange cipher groups to be used, separated by semicolons ';'. For example:
secp521r1;secp384r1;prime256v1;secp256k1;secp224r1;secp224k1;prime192v1
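The following added example (not Micro Focus code) models the `!`, `+` and `-` operators of the Protocols field as described above, so a Protocols value can be reviewed before it is saved. The `KNOWN` protocol names, the expansion of `ALL`, the starting collection and the function names are assumptions made for illustration; the product's own parser may differ.

```python
import re

# Assumed protocol names; the page itself only names TLS1.1, TLS1.2 and TLS1.3.
KNOWN = ("TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3")
DEPRECATED = {"TLS1.0", "TLS1.1"}  # deprecated by RFC 8996

# One operator followed by a protocol name (or the keyword ALL).
TOKEN = re.compile(r"([!+-])([A-Za-z0-9.]+)")


def evaluate(spec, initial=KNOWN):
    """Return the ordered protocol list that `spec` leaves enabled.

    Assumption: evaluation starts from `initial` and applies tokens left to right.
    """
    if TOKEN.sub("", spec).strip():
        raise ValueError(f"unparsed text in {spec!r}")
    enabled, banned = list(initial), set()
    for op, name in TOKEN.findall(spec):
        names = list(KNOWN) if name.upper() == "ALL" else [name.upper()]
        for n in names:
            if n not in KNOWN:
                raise ValueError(f"unknown protocol {n!r}")
            if op == "!":
                # Exclude: remove now and refuse any later '+' for this name.
                banned.add(n)
            if op in "!-" and n in enabled:
                # Delete (or exclude): drop from the current collection.
                enabled.remove(n)
            if op == "+" and n not in banned and n not in enabled:
                # Add: append unless permanently excluded.
                enabled.append(n)
    return enabled


def audit(spec):
    """Return (enabled, deprecated protocols still enabled) for a Protocols value."""
    enabled = evaluate(spec)
    return enabled, [p for p in enabled if p in DEPRECATED]


if __name__ == "__main__":
    # The page's own example, then a constructed value using a permanent exclusion.
    for value in ("-ALL+TLS1.1+TLS1.2", "!TLS1.1-ALL+TLS1.1+TLS1.2+TLS1.3"):
        print(value, "->", audit(value))
```

Run against the page's example value, the audit reports TLS1.1 as still enabled; the second value shows that a protocol excluded with `!` stays out even when a later `+` names it.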