Description - This provider creates a reusable configuration for providing authentication and data encryption via TLS/SSL.

Runtime Class - com.iwaysoftware.eclipse.template.SslContextProviderType

Parameter Groups

• TLS/SSL
• Session
• PKIX
• Revocation
• Advanced

	Parameter	Type	Description
*	Keystore:	string	Configured Security Provider for the keystore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Keystores hold private keys. Click below for a definition: Keystore Configuration
*	Truststore:	string	Configured Security Provider for the truststore you wish to use for this SSL context. Choose "default" to use the default SSL Keystore Provider. Truststores hold the certificate of Trusted CAs used to verify peer certificates. Click below for a definition: Keystore Configuration
*	Security Protocol:	string	Specify the version of security protocol that should be used. During SSL handshake, a negotiation selects the protocol to be used from the best mutually supported. This field sets the minimum acceptable security protocol. If the handshake cannot select a mutually supported protocol, the connection fails. Select from one of the following options: Default {Default} SSL {SSL} SSLv3 {SSLv3} TLS {TLS} TLSv1 {TLSv1} TLSv1.1 {TLSv1.1} TLSv1.2 {TLSv1.2}
	Hostname Verification:	boolean	If true, client SSL connections using this provider will attempt to verify that the server's certificate matches its host name.
	Client Authentication:	boolean	If true, servers using this provider will use SSL client authentication, that is, the server must receive and authenticate a certificate from the client as part of the SSL handshake.

* - denotes required

	Parameter	Type	Description
	Cache Size:	integer	The maximum number of SSL sessions that will be retained in the session cache. Sessions in the cache can be reconnected with less overhead than those not cached.
	Timeout:	integer	Maximum length of time (in seconds) that an SSL session can remain in the cache.

* - denotes required

	Parameter	Type	Description
	JCE PKIX Trust Manager Provider:	string	JCE provider to construct PKIX Trust Manager. Choose 'Not Specified' for default. Select from one of the following options: NOT_SPECIFIED {NOT_SPECIFIED} SunJSSE {SunJSSE}
	JCE Signature Provider:	string	JCE provider used to verify digital certificate signatures during handshake. Select from one of the following options: NOT_SPECIFIED {NOT_SPECIFIED} SUN {SUN} SunRsaSign {SunRsaSign} SunEC {SunEC} SunJSSE {SunJSSE} SunMSCAPI {SunMSCAPI}

* - denotes required

	Parameter	Type	Description
	Certificate Store:	string	Certificate store from which certificate revocation lists are loaded. Click below for a definition: null null Keystore Configuration LDAP Configuration
	Enable Certificate Revocation:	boolean	Enable CRL or OCSP checking of certificates during handshake.

* - denotes required

	Parameter	Type	Description
	JCE SSL Context Provider:	string	JCE Provider for the SSL Context Select from one of the following options: NOT_SPECIFIED {NOT_SPECIFIED} SunJSSE {SunJSSE}
	Server Key Alias:	string	Alias for the key to be used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
	Client Key Alias:	string	Alias for the key to be used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
	OCSP Responder:	string	Name of the OCSP Responder provider. This verifies the status of certificates online instead of relying on Certificate Revocation Lists. Click below for a definition: null
	Enabled Cipher Suites:	string	If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. The user must take care that enabled cipher suites are supported by other components specified. Enter as comma-delimited list or use FILE() function. If left blank, all available cipher suites will be enabled and be available during SSL negotiation.

* - denotes required

Description - SSH Client is the repository of all host SSH keys and the client's private keys.

 

Runtime Class - com.iwaysoftware.eclipse.template.SshClientProviderType

 

Parameter Groups

• Main

	Parameter	Type	Description
*	User Name	string	User ID on the SSH-enabled server
	Password	password	User's password on the SSH-enabled server
	Private Key	string	Path to the private key file for public-key authentication.
	Passphrase	password	Passphrase used to protect the Private Key
	Validate Host Keys	boolean	If set to true keys sent from SSH hosts are validated; if valid the keys are cached by this server. If false then any host key will be accepted by this server.
	Host Key Repository	string	Path to the Known Host Keys repository on this server.

* - denotes required

Description - An Online Certificate Status Protocol responder is an online service that verifies the validity of certificates. OCSP removes the need for Certificate Revocation Lists by delegating the task to a centralized server.

Runtime Class - com.iwaysoftware.eclipse.template.OcspResponderProviderType

Parameter Groups

• OCSP Responder Definition

	Parameter	Type	Description
*	Responder URL	string	Location of the OCSP responder. For example http://ocsp.example.net:80
	Certificate Subject Name	string	Subject name of the OCSP responder's certificate. For example CN=OCSP Responder, O=XYZ Corp.
	Certificate Issuer Name	string	Issuer name of the OCSP responder's certificate. For example CN=Enterprise CA, O=XYZ Corp. This property is required if the Certificate Subject Name is not specified.
	Certificate Serial Number	string	Serial number of the OCSP responder's certificate. For example 1234567890123456789. This property is required if the Certificate Subject Name is not specified.
*	Certificate Store	string	Certificate store where the responder certificate can be retrieved. Select from one of the following options:
*	HTTP Client Provider	string	HTTP client provider that manages outgoing connections to the responder. Select from one of the following options:

* - denotes required

Description - LDAP CertStore Providers define how certificates and CRLs can be found in an LDAP database.

 

Runtime Class - com.iwaysoftware.eclipse.template.LdapCertstoreProviderType

 

Parameter Groups

• LDAP CertStore Definition

	Parameter	Type	Description
*	URL	string	URL to reach LDAP directory. LDAP URL's are in the form ldap://host[:port]
	Base DN	string	Base DN
	Search For Serial Number In	string	If not null the serial number of the certificate is searched in this LDAP attribute.
	User Certificate Attribute	string	Attribute name(s) in the LDAP directory where end certificates are stored. Separated by space. Defaults to userCertificate.
	CA Certificate Attribute	string	Attribute name(s) in the LDAP directory where CA certificates are stored. Separated by space. Defaults to cACertificate.
	Cross-Certificate Attribute	string	Attribute name(s), where the cross certificates are stored. Separated by space. Defaults to crossCertificatePair.
	Certificate Revocation List Attribute	string	Attribute name(s) in the LDAP directory where CRLs are stored. Separated by space. Defaults to certificateRevocationList.
	LDAP User Certificate Attribute Name	string	The attribute name(s) in the LDAP directory where to search for the attribute value of the specified userCertificateSubjectAttributeName. E.g. if cn is used to put information about the subject for end certificates, then specify cn. Defaults to cn.
	LDAP CA Certificate Attribute Name	string	The attribute name(s) in the LDAP directory where to search for the attribute value of the specified cACertificateSubjectAttributeName. E.g. if ou is used to put information about the subject for CA certificates, then specify ou. Defaults to: cn ou o
	LDAP Cross-Certificate Attribute Name	string	The attribute name(s) in the LDAP directory where to search for the attribute value of the specified crossCertificateSubjectAttributeName. E.g. if o is used to put information about the subject for cross certificates, then specify o. Defaults to: cn ou o
	LDAP Certificate Revocation List Attribute Name	string	The attribute name(s) in the LDAP directory where to search for the attribute value of the specified certificateRevocationListIssuerAttributeName. E.g. if ou is used to put information about the issuer of CRLs, specify ou. Defaults to: cn ou o
	User Certificate Subject Attribute Name	string	Attribute(s) in the subject of the certificate which is used to be searched in the ldapUserCertificateAttributeName. E.g. the cn attribute of the DN could be used. Defaults to cn.
	CA Certificate Subject Attribute Name	string	Attribute(s) in the subject of the certificate which is used to be searched in the ldapCACertificateAttributeName. E.g. the ou attribute of the DN could be used. Defaults to: o ou
	Cross-Certificate Subject Attribute Name	string	Attribute(s) in the subject of the cross certificate which is used to be searched in the ldapCrossCertificateAttributeName. E.g. the o attribute of the DN may be appropriate. Defaults to: o ou
	Certificate Revocation List Issuer Attribute Name	string	Attribute(s) in the issuer of the CRL which is used to be searched in the ldapCertificateRevocationListAttributeName. E.g. the o or ou attribute may be used. Defaults to: o ou

* - denotes required

Description - This provider creates a resusable configuration for managing keystores.

 

Runtime Class - com.iwaysoftware.eclipse.template.KeystoreProviderType

 

Parameter Groups

• Keystore
• Advanced

	Parameter	Type	Description
*	Path:	string	Location of the keystore file or "NONE" if using PKCS11
	Password:	password	Keystore password
*	Type:	string	Keystore type Select from one of the following options: CaseExactJKS {CaseExactJKS} JCEKS {JCEKS} JKS {JKS} PKCS12 {PKCS12} Windows-MY {Windows-MY} Windows-ROOT {Windows-ROOT} BCPKCS12 {BCPKCS12} BKS {BKS} BKS-V1 {BKS-V1} BouncyCastle {BouncyCastle} DKS {DKS} PKCS12-3DES-3DES {PKCS12-3DES-3DES} PKCS12-3DES-40RC2 {PKCS12-3DES-40RC2} PKCS12-DEF {PKCS12-DEF} PKCS12-DEF-3DES-3DES {PKCS12-DEF-3DES-3DES} PKCS12-DEF-3DES-40RC2 {PKCS12-DEF-3DES-40RC2}

* - denotes required

	Parameter	Type	Description
	KeyStore JCE Provider:	string	JCE Provider implementing this Keystore type Select from one of the following options: NOT_SPECIFIED {NOT_SPECIFIED} SUN {SUN} SunJSSE {SunJSSE} SunJCE {SunJCE} SunMSCAPI {SunMSCAPI}
	Callback Handler:	string	The fully qualified class name of a Callback handler that will satisfy authentication callbacks for the keystore. The callback handler must satisfy the javax.security.auth.callback.CallbackHandler interface and be available on iSM's classpath.
	Reload Period:	string	Minimum time to wait before the provider checks if the KeyStore needs to be reloaded. The format is [xxh][xxm]xx[s]. Enter 0 to check for reload every time the KeyStore is requested. Leave the parameter empty to never reload the KeyStore. A file based KeyStore is reloaded only if the file was modified since last reload.

* - denotes required

Description - Directory CertStore Providers define directories from which certificates and CRLs can be loaded into a certifcate store.

 

Runtime Class - com.iwaysoftware.eclipse.template.DirectoryCertstoreProviderType

 

Parameter Groups

• Directory CertStore Definition

	Parameter	Type	Description
*	CertStore Location	string	CertStore directory location.
	Certificate Factory JCE Provider	string	JCE Provider to use when creating the X.509 Certificate Factory Select from one of the following options: NOT_SPECIFIED {NOT_SPECIFIED} SUN {SUN} BC {BC}
	Reload Period	string	Minimum time to wait before the provider checks if the directory contents was modified, hereby forcing the CertStore to be reloaded. The format is [xxh][xxm]xx[s]. Enter 0 to check the directory every time the CertStore is requested. Leave the parameter empty to never reload the CertStore.

* - denotes required

Subscribe to Security Providers