SSL Client Authentication (SSLCAUTH)
The SSLCAUTH attribute specifies whether the channel needs to receive and authenticate a TLS certificate from a TLS client.
The SSLCAUTH attribute is valid on all channel types that can ever receive a channel initiation flow, except for sender channels. This attribute is valid for channel types of:
- Server
- Receiver
- Requester
- Server connection
- Cluster receiver
SSLCAUTH is an optional attribute. Possible values of this attribute are:
- OPTIONAL
  - If the peer TLS client sends a certificate, the certificate is processed as normal but authentication does not fail if no certificate is sent.
- REQUIRED
  - If the TLS client does not send a certificate, authentication fails.
The default value is REQUIRED.
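We can specify a value for SSLCAUTH on a non-TLS channel definition, that is, a channel definition on which the SSLCIPH attribute is missing or blank. We can temporarily disable TLS for debugging by setting the value of SSLCAUTH to OPTIONAL, so we do not have to clear and then re-input the TLS parameters. While SSLCAUTH is OPTIONAL, a TLS client that sends no certificate is not rejected for that reason, so return the attribute to REQUIRED once debugging is complete.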
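The following audit sketch is an added example, not part of the product documentation: it flags receiving channels that were left with SSLCAUTH(OPTIONAL) or with a blank SSLCIPH after debugging. The sample listing is constructed, and its layout (the shape of runmqsc output for `DISPLAY CHANNEL(*) CHLTYPE SSLCAUTH SSLCIPH`) is an assumption, as are the channel names and the function names.

```python
import re

# Constructed sample, laid out like runmqsc output for
# DISPLAY CHANNEL(*) CHLTYPE SSLCAUTH SSLCIPH (the layout is an assumption).
SAMPLE = """\
AMQ8414I: Display Channel details.
   CHANNEL(APP.SVRCONN)                    CHLTYPE(SVRCONN)
   SSLCAUTH(OPTIONAL)                      SSLCIPH(ANY_TLS12_OR_HIGHER)
AMQ8414I: Display Channel details.
   CHANNEL(PARTNER.RCVR)                   CHLTYPE(RCVR)
   SSLCAUTH(REQUIRED)                      SSLCIPH(ANY_TLS12_OR_HIGHER)
AMQ8414I: Display Channel details.
   CHANNEL(DEBUG.SVRCONN)                  CHLTYPE(SVRCONN)
   SSLCAUTH(REQUIRED)                      SSLCIPH( )
AMQ8414I: Display Channel details.
   CHANNEL(OUT.SDR)                        CHLTYPE(SDR)
   SSLCIPH(ANY_TLS12_OR_HIGHER)
"""

# MQSC CHLTYPE values for the channel types on which SSLCAUTH is valid.
SSLCAUTH_TYPES = {"SVR", "RCVR", "RQSTR", "SVRCONN", "CLUSRCVR"}
ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")

def parse_channels(text):
    """Split the listing into one attribute dict per channel."""
    channels = []
    for line in text.splitlines():
        if line.startswith("AMQ8414"):
            channels.append({})
        elif channels:
            channels[-1].update((k, v.strip()) for k, v in ATTR.findall(line))
    return [c for c in channels if "CHANNEL" in c]

def audit(text):
    """Return (channel, finding) pairs for client-authentication gaps."""
    findings = []
    for ch in parse_channels(text):
        if ch.get("CHLTYPE") not in SSLCAUTH_TYPES:
            continue  # e.g. sender channels, where SSLCAUTH does not apply
        # REQUIRED is the documented default when the attribute is unset.
        cauth = ch.get("SSLCAUTH") or "REQUIRED"
        if not ch.get("SSLCIPH"):
            findings.append((ch["CHANNEL"], f"SSLCIPH blank: no TLS, SSLCAUTH({cauth}) not enforced"))
        elif cauth == "OPTIONAL":
            findings.append((ch["CHANNEL"], "TLS on but client certificate not required"))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in audit(SAMPLE)), sep="\n")
```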
For more information about SSLCAUTH, see DEFINE CHANNEL (MQTT) and Securing.