Apply Destination Connector SSL Settings

On the Channels page, double-click a channel in the Channel list.
Select the Destinations tab.
In the Connector Type field, select the connector type that supports the SSL Manager (HTTP Sender, Web Service Sender, File Writer in FTP mode).
In the SSL Settings section, the SSL Manager is inactive.
- If you populate the URL field in the HTTP Sender Settings section, the field turns yellow with a Lock icon next to the URL.
- If you move the pointer over the Lock icon, a tool tip appears that explains the reason for the situation. (Selecting the Lock icon opens a window with the same content as the tool tip.)
In the SSL Settings section - Use SSL Manager field, select Yes to nullify the locked condition and enable all security options and two-way authentication. (The URL field turns green to reflect the change.)

Select the wrench icon to open the SSL Settings window:

Item	Name	Default Value	Description
A	Server Certificate Validation	Enabled	If enabled, only the certificates configured in the below Trusted Client Certificates section will be trusted. If disabled, all certificates are automatically trusted.
B	Trusted Server Certificates	Java Truststore only	Select the wrench icon here to select which certificates to trust. This applies not only to certificates presented by servers, but also to those trusted for CRL / OCSP revocation checking. For additional information, seeTrusted Server Certificates
C	Hostname Verification	Enabled	If enabled, validation will fail if the Subject CN (or Subject Alternative Name) presented in the server certificate does not match the actual endpoint the connector is dispatching to. If disabled, valid certificates will be accepted even if the host name does not match. Click the wrench icon to open the Additional Allowed Hosts dialog. For additional information, see Additional Allowed Hosts.
D	Subject DN Validation	No	If enabled, only server certificates with subject distinguished names (DNs) matching the given list will be allowed. If a server certificate not matching any of the trusted DNs is presented, the SSL connection / handshake will fail. For additional information, see Subject DN Validation
E	Allow Expired Certificates	No	If disabled, both local and remote certificates will be checked during the SSL handshake to ensure that none of the certificates in the accessible chain have expired.
F	OCSP Revocation Checking	No	Select Yes to enable Online Certificate Server Protocol (OCSP) checking for all local and remote certificates. The issuer of the response certificate must be trusted as well in order to verify signatures. For additional information, see OCSP Revocation Checking
G	CRL Revocation Checking	No	Select Yes to enable Certificate Revocation List (CRL) checking for all local and remote certificates. The issuer of the CRL must be included in your trusted certificates as well in order to verify signatures. For additional information, see CRL Revocation Checking
H	My Client Certificate	None	If client/mutual authentication is needed, select the local certificate used to identify this connector. For additional information, see My Client Certificate
I	Enabled Protocols	Server defaults	The TLS/SSL protocols to enable for this listener connector. For additional information, see Enabled TLS/SSL Protocols
J	Enable Sipher Suites	Server defaults	The TLS/SSL cipher suites to enable for this listener connector. For additional information, see Enabled TLS/SSL Cipher Suites

Apply Destination Connector SSL Settings

On the Channels page, double-click a channel in the Channel list.
Select the Destinations tab.
In the Connector Type field, select the connector type that supports the SSL Manager (HTTP Sender, Web Service Sender, File Writer in FTP mode).
In the SSL Settings section, the SSL Manager is inactive.
- If you populate the URL field in the HTTP Sender Settings section, the field turns yellow with a Lock icon next to the URL.
- If you move the pointer over the Lock icon, a tool tip appears that explains the reason for the situation. (Selecting the Lock icon opens a window with the same content as the tool tip.)
In the SSL Settings section - Use SSL Manager field, select Yes to nullify the locked condition and enable all security options and two-way authentication. (The URL field turns green to reflect the change.)

Select the wrench icon to open the SSL Settings window:

Item	Name	Default Value	Description
A	Server Certificate Validation	Enabled	If enabled, only the certificates configured in the below Trusted Client Certificates section will be trusted. If disabled, all certificates are automatically trusted.
B	Trusted Server Certificates	Java Truststore only	Select the wrench icon here to select which certificates to trust. This applies not only to certificates presented by servers, but also to those trusted for CRL / OCSP revocation checking. For additional information, seeTrusted Server Certificates
C	Hostname Verification	Enabled	If enabled, validation will fail if the Subject CN (or Subject Alternative Name) presented in the server certificate does not match the actual endpoint the connector is dispatching to. If disabled, valid certificates will be accepted even if the host name does not match. Click the wrench icon to open the Additional Allowed Hosts dialog. For additional information, see Additional Allowed Hosts.
D	Subject DN Validation	No	If enabled, only server certificates with subject distinguished names (DNs) matching the given list will be allowed. If a server certificate not matching any of the trusted DNs is presented, the SSL connection / handshake will fail. For additional information, see Subject DN Validation
E	Allow Expired Certificates	No	If disabled, both local and remote certificates will be checked during the SSL handshake to ensure that none of the certificates in the accessible chain have expired.
F	OCSP Revocation Checking	No	Select Yes to enable Online Certificate Server Protocol (OCSP) checking for all local and remote certificates. The issuer of the response certificate must be trusted as well in order to verify signatures. For additional information, see OCSP Revocation Checking
G	CRL Revocation Checking	No	Select Yes to enable Certificate Revocation List (CRL) checking for all local and remote certificates. The issuer of the CRL must be included in your trusted certificates as well in order to verify signatures. For additional information, see CRL Revocation Checking
H	My Client Certificate	None	If client/mutual authentication is needed, select the local certificate used to identify this connector. For additional information, see My Client Certificate
I	Enabled Protocols	Server defaults	The TLS/SSL protocols to enable for this listener connector. For additional information, see Enabled TLS/SSL Protocols
J	Enable Sipher Suites	Server defaults	The TLS/SSL cipher suites to enable for this listener connector. For additional information, see Enabled TLS/SSL Cipher Suites

Apply Destination Connector SSL Settings

Recommendations

Common Connector SSL Settings

Apply Source Connector SSL Settings

Settings

Trusted Server Certificates

My Client Certificate

Subject DN Validation

Apply Destination Connector SSL Settings

Common Connector SSL Settings

Apply Source Connector SSL Settings

Settings

Trusted Server Certificates

My Client Certificate

Subject DN Validation