jct-cert-keyfile

jct-cert-keyfile = file_name

Description

WebSEAL provides an option to configure a separate certificate key database for junction SSL operations rather than sharing the one used for client certificates specified in the [ssl] stanza. The jct-cert-keyfile parameter specifies the junction certificate keyfile. If this option is enabled, this is the keyfile used for CA and client certificates when negotiating SSL sessions with junctions. This stanza entry is commented out in the WebSEAL configuration file. To enable the option of using a separate certificate key database for junctioned servers, create the pdjct.kdb keyfile (and optional stash file) using iKeyman, and uncomment the options jct-cert-keyfile and jct-cert-keyfile-stash in the configuration file.

Options

file_name

The name of the optional, separate junction certificate keyfile.

If jct-cert-keyfile is defined, jct-cert-keyfile-stash must also be defined.

Usage:

This stanza entry is optional.

Default:

pdjct.kdb

Example:

jct-cert-keyfile = pdjct.kdb

Parent topic: [junction] stanza