BW 5 SSL Properties

问:

没有RootCA如何通过证书验证?  No Way yet !

问:

没有中间子证书但是有RootCA如何通过证书验证:

java.property.com.tibco.security.NoExplicitCAChain=true


All the properties worthy tests are like below:

-------------------------------------------------------------------------------------

 java.property.com.tibco.security.NoExplicitCAChain=true

 java.property.com.tibco.security.CheckRevocation=true

 java.property.com.tibco.security.EntrustLast=true

 java.property.TIBCO_SECURITY_VENDOR=j2se

-------------------------------------------------------------------------------------

Please find the answers inline.

1. Our goal is to keep only root CA certificate in the trust folder and remove all server/client cert and intermediate certs. Can we accomplish this by setting the below property in the bw app .tra file?

java.property.com.tibco.security.NoExplicitCAChain=true

Yes, in general BW has an explicit trust model. i.e. client would only establish an SSL connection if it was able to verify a full chain of trust from the server's certificate to a  root certificate. By setting NoExplicitCAChain to true, we can work around the explicit model, which will not require the full certificate chain to be present.

2. What is the benefit of the below property?

#enable revocation checks

java.property.com.tibco.security.CheckRevocation=true

-------------------------------------------------------------------------------------

推荐阅读更多精彩内容