Certificate Configuration Properties

The Certificate validation provider provides authentication services. You configure the Certificate provider by setting the properties you require in the <installation directory>\EAServer\Repository\CSI\conf\default.xml file.

To configure Certificate validation with another security provider, ensure you configure the certificate validation properties before other login modules that will support this validation service.

Property: crl.[index].uri
Default value: none
Description: Specifies the URI of the CRL. Multiple CRLs can be configured using different values for the index.

If you are retrieving the CRL from an LDAP directory, the LDAP URL specified should point to the certificationAuthority entry and should include the query parameters to retrieve the certificateRevocationList attribute of that entry.

For example, if an organizational unit (for example, ou=certCAou,dc=sybase,dc=com) is designated as a CA by adding the auxiliary object class certificationAuthority to it, then the LDAP URL specified should be something like the following:

ldap://localhost:389/ou=certCAou,dc=sybase,dc=com?certificaterevocationlist

Property: validateCertPath
Default value: false
Description: Enables and disables certificate path validation. If you do not set this property, the certificate is assumed to be valid. This should only be set to true when the container has not prevalidated the certificate.

Property: trustedCertStore
Default value: none
Description: Specifies the key store containing the trusted CA certificates. This option is required when validateCertPath is true.

Property: trustedCertStorePassword
Default value: none
Description: Sets the password to access the specified trusted certificate store.

Property: trustedCertStoreType
Default value: obtained at runtime: KeyStore.getDefaultType()
Description: Specifies the type of the key store.

Property: trustedCertStoreProvider
Default value: none
Description: Specifies the provider for the key store.

Property: validatedCertificateIsIdentity
Default value: false
Description: Specifies if the certificate should be set as the ID for the authenticated subject. This option should be set to false if the CertificateValidationLoginModule is used in conjunction with other login modules that establish user identity based on the validated certificate.
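
The dependencies between these properties can be checked before deployment. The following is an added example, not Sybase code: it assumes the option names and values have already been read from default.xml into a dictionary (the extraction step is not shown), and the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

CRL_ATTR = "certificaterevocationlist"

def ldap_crl_attr_requested(uri):
    """True if an LDAP URL asks for the certificateRevocationList attribute."""
    # LDAP URL layout (RFC 4516): ldap://host:port/dn?attributes?scope?filter
    attrs = unquote(urlsplit(uri).query.split("?", 1)[0]).split(",")
    # Attribute names are case-insensitive and may carry options such as ";binary".
    return any(a.split(";", 1)[0].strip().lower() == CRL_ATTR for a in attrs)

def lint_certificate_options(options):
    """Return findings for a dict mapping property name -> configured value."""
    findings = []
    validate = options.get("validateCertPath", "false").strip().lower() == "true"
    if validate and not options.get("trustedCertStore"):
        findings.append("validateCertPath is true but trustedCertStore is not set")
    if not validate:
        findings.append("validateCertPath is not true: no path validation is done "
                        "and the certificate is assumed to be valid")
    for key in sorted(k for k in options
                      if k.startswith("crl.") and k.endswith(".uri")):
        uri = options[key]
        if urlsplit(uri).scheme.lower() in ("ldap", "ldaps") \
                and not ldap_crl_attr_requested(uri):
            findings.append(f"{key}: LDAP URL does not request {CRL_ATTR}")
    return findings

# Constructed sample property sets (not taken from a real default.xml).
INCOMPLETE = {
    "validateCertPath": "true",
    "crl.1.uri": "ldap://localhost:389/ou=certCAou,dc=sybase,dc=com",
}
COMPLETE = {
    "validateCertPath": "true",
    "trustedCertStore": "/constructed/path/trusted-cas.jks",
    "crl.1.uri": "ldap://localhost:389/ou=certCAou,dc=sybase,dc=com"
                 "?certificaterevocationlist",
}

if __name__ == "__main__":
    for name, opts in (("INCOMPLETE", INCOMPLETE), ("COMPLETE", COMPLETE)):
        print(name, lint_certificate_options(opts) or "no findings")
```
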