ssl-valid-server-dn

ssl-valid-server-dn = <DN-value>

Description

Specifies the distinguished name of the server, which is obtained from the server SSL certificate, that WebSEAL can accept.

Options

<DN-value>

The distinguished name of the server, which is obtained from the server SSL certificate, that WebSEAL accepts. If no value is specified, then WebSEAL considers all domain names valid. We can specify multiple domain names by including multiple ssl-valid-server-dn configuration entries.

Usage: This stanza entry is required if both of the following conditions are true:

• One or more of the cluster server entries use SSL (that is, contains an HTTPS protocol specification in the URL).
• A certificate is required other than the default certificate used by WebSEAL when communicating with the policy server.

Default: None.

Example:

ssl-valid-server-dn = CN=Verify Access,OU=SecureWay,O=Tivoli,C=US

Parent topic: [tfim-cluster:<cluster>] stanza