48 • Configuration HP NonStop SSL Reference Manual
SSL client authentication is deactivated.
file
Guardian file name of a DER encoded X.509 client certificate.
Default
If omitted or set to *, HP NonStop SSL will not authenticate itself to the SSL server.
Example
CLIENTCERT $DATA1.SSL.CLNTCERT
Considerations
• This parameter only applies to the run modes PROXYC and FTPC, it will be ignored in other run modes
• A client certificate for testing purposes is delivered as CLNTCERT file on the HP NonStop SSL installation
subvolume to enable quick start installation.
• Client certificates received by a CA such as VeriSign or Thawte in BASE64 format must be converted to DER
format (e.g. with the OpenSSL tools) before they can be used with HP NonStop SSL.
• The client certificate must match the private key file specified by CLIENTKEY.
See also
CLIENTKEY, CLIENTKEYPASS, "Requesting the SSL Client to Present a Client Certificate" in chapter "SSL
Reference"
CLIENTKEY
Use this parameter to specify the file containing the private key associated with the public key contained in the client
certificate configured by CLIENTCERT.
Parameter Syntax
CLIENTKEY file
Arguments
file
file name of a DER encoded PKCS-8 encrypted private key file with PKCS-5 algorithm identifiers.
Default
If omitted, HP NonStop SSL will search for a "CLIENTKEY" file on the default subvolume.
Example
CLIENTKEY $DATA1.SSL.MYKEY
Considerations
• This parameter only applies to the run modes PROXYC and FTPC, it will be ignored in other run modes
• The private key data in the file is password encrypted. For HP NonStop SSL to be able to decrypt the file, the
correct password must be specified by the CLIENTKEYPASS parameter.
• A private key file for testing purposes is delivered as "CLNTKEY" file on the HP NonStop SSL installation
subvolume to enable quick start installation. This private key file matches the test client certificate delivered as
"CLNTCERT". The password for the CLNTKEY file is "test".
See also
To Next Page
Loading...
Need help?
General