Subject DN Validation

SSL Manager User Guide

CRL Revocation Checking

If enabled, Certificate Revocation List (CRL) checking will be done on all local and remote certificates. The issuer of the CRL must be included in your trusted certificates as well in order to verify signatures. CRL Enabled option on the SSL Settings window Select the wrench icon to open the CRL Settings window: CRL Settings window with CRL URI field and Hard Fail option CRL URI: This setting is optional. If specified, this URI will be used in addition to any certificate CRL Distribution Points when checking for revocation. HTTP, File FTP, or LDAP URIs are supported. Hard Fail: When enabled, this connector will depend on the remote CRL provider. If a CRL cannot be downloaded or verified for any reason, all connections will fail revocation checks. Parent topic: Common Connector SSL Settings

SSL Manager User Guide

Example 1

Distinguished Name: OU=NHIN,O=HHS-ONC,C=US Full Match: No Set Trusted Certification Subject DNs window displaying the Distinguished Name and Full Match values Candidate Certificate Subject DN Passes? Reason CN=My Server, OU=NHIN, C=US X icon Missing O=HHS-ONC CN=My Server, OU=NHIN, OU=My Org Unit, O=HHS-ONC, C=US, ST=California Check mark icon Has all required components, even if an extra OU is present C=US, O=HHS-ONC, OU=NHIN Check mark icon Has all required components, order doesn't matter Parent topic: Subject DN Validation

SSL Manager User Guide

Example 3

Distinguished Names: CN=My Server 1 CN=My Server 2,OU=R&D Full Match: No Set Trusted Certificate Subject DNs window with Distinguished Name and Full Match values Candidate Certificate Subject DN Passes? Reason CN=My Server, O=NextGen, OU=R&D X icon Doesn't match any entry CN=My Server 1, O=NextGen Check mark icon Matches the first entry CN=My Server 2, O=NextGen X icon Doesn't match any entry CN=My Server 2, O=NextGen, OU=R&D Check mark icon Matches the second entry Parent topic: Subject DN Validation

SSL Manager User Guide

Example 2

Distinguished Name: CN=My Server 1 CN=My Server 2,OU=R&D Full Match: Yes Set Trusted Certificate Subject DNs window displaying Distinguished Name and Full Match values Candidate Certificate Subject DN Passes? Reason CN=My Server, O=NextGen, OU=R&D Check mark icon Exact match OU=R&D, O=NextGen, CN=My Server Check mark icon Exact match, order doesn't matter CN=My Server, O=NextGen X icon Missing OU=R&D CN=My Server, O=NextGen, OU=R&D, C=US X icon Has extra untrusted component Parent topic: Subject DN Validation

SSL Manager User Guide

Apply Destination Connector SSL Settings

On the Channels page, double-click a channel in the Channel list. Select the Destinations tab. In the Connector Type field, select the connector type that supports the SSL Manager (HTTP Sender, Web Service Sender, File Writer in FTP mode). In the SSL Settings section, the SSL Manager is inactive. If you populate the URL field in the HTTP Sender Settings section, the field turns yellow with a Lock icon next to the URL. If you move the pointer over the Lock icon, a tool tip appears that explains the reason for the situation. (Selecting the Lock icon opens a window with the same content as the tool tip.) Adding a URL while the Manager is Inactive In the SSL Settings section - Use SSL Manager field, select Yes to nullify the locked condition and enable all security options and two-way authentication. (The URL field turns green to reflect the change.) Enabling SSL Manager Select the wrench icon to open the SSL Settings window: Items on the SSL Settings Window Item Name Default Value Descrip

SSL Manager User Guide

Apply Source Connector SSL Settings

On the Channels page, double-click a channel in the Channel list. Select the Source tab. In the Connector Type field, select the connector type that supports the SSL Manager (for example, HTTP Listener, Web Service Listener, File Reader in FTP mode). In the SSL Settings section - Enable field, select Yes. Enabling SSL Settings Select the wrench icon to open the SSL Settings window: Items on the SSL Settings Window Item Name Default Value Description A My Server Certificate None Select the local certificate used to identify this listener connector. For additional information, see My Server Certificate B Client Authentication Disabled Disabled: No client authentication is requested. Request: Client certificate is requested but not required. If the client presents a certificate it will be used for extra security. Require: Client certificate is required. If the client does not present a certificate, the handshake will fail. C Client Certificate Validation Enabled If enabled, only the certi

Subject DN Validation

Recommendations

CRL Revocation Checking

Example 1

Example 3

Example 2

Apply Destination Connector SSL Settings

Apply Source Connector SSL Settings