Specify the SSL certificate distinguished name (DN)
The CA root certificate stored in a WebSEAL key database file validates that a certificate received from the distributed session cache is authentic. By additionally checking the DN value in the certificate, you can ensure that the server certificate WebSEAL receives from the distributed session cache is the expected certificate.
To specify the accepted certificate DN values, use the ssl-valid-server-dn stanza entry in the [dsess-cluster] stanza of the WebSEAL configuration file.
Example
[dsess-cluster]
ssl-valid-server-dn = DN-value
- Obtain the server certificate DN value
The ssl-valid-server-dn stanza entry in the [dsess-cluster] stanza of the WebSEAL configuration file requires the value of the DN found in a valid server certificate sent by the distributed session cache during its communication with WebSEAL.
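The DN check described above, sketched as an added example (not IBM's or WebSEAL's own code): it reads the ssl-valid-server-dn entries from the [dsess-cluster] stanza and tests a presented subject DN against them. The sample DN, the function names, the '#' comment handling, and the comparison rule (case-insensitive, whitespace-tolerant, RDN order preserved) are assumptions; this page does not state how WebSEAL itself compares DN values.

```python
import re

# Constructed sample configuration; the DN value is made up for illustration.
SAMPLE_CONF = """\
[dsess-cluster]
# accepted distributed session cache server certificate
ssl-valid-server-dn = CN=dsc.example.com,O=Example Corp,C=US

[session]
timeout = 3600
"""

def stanza_values(conf_text, stanza, key):
    """Return every non-empty value of `key` inside `[stanza]`, in file order."""
    values, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumed comment syntax
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == stanza and "=" in line:
            name, value = line.split("=", 1)   # DN values contain '=' too
            if name.strip() == key and value.strip():
                values.append(value.strip())
    return values

def normalize_dn(dn):
    """Assumed comparison rule: split on unescaped commas, trim, case-fold."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, val = rdn.partition("=")
        parts.append((attr.strip().upper(), " ".join(val.split()).casefold()))
    return tuple(parts)

def dn_is_accepted(conf_text, presented_dn):
    """True only if the presented subject DN matches a configured entry."""
    allowed = stanza_values(conf_text, "dsess-cluster", "ssl-valid-server-dn")
    if not allowed:
        # Audit finding: only the CA chain would be checked, not the DN.
        raise ValueError("ssl-valid-server-dn is not set in [dsess-cluster]")
    return normalize_dn(presented_dn) in {normalize_dn(a) for a in allowed}
```

A certificate issued by the same trusted CA but carrying a different subject DN returns False here, which is the case the DN check exists to catch.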