Implementing self-signed certificates
Spectrum SSL properties offer varying degrees of control of certificate verification through Certificate Authorities (CAs).
The role of a CA is to issue digital certificates to trusted entities and pass that trust to the SSL protocol that is trying to evaluate the certificate. If the CA cannot validate (trust) the entity, it can block authentication.
SSL properties and defaults
Property/default | Description |
---|---|
spectrum.encryption.selfSignedCert=false | True or false: implement self-signed certificates in Spectrum™ Technology Platform |
spectrum.encryption.trustAllHosts=false | True or false: implicitly trust all certificates; during verification, ignore host name specified on certificate |
spectrum.encryption.validateCerts=true | True or false: bypass CA trust validation |
Setting SSL handling and preferences for self-signed certificates
To implement self-signed certificates in Spectrum Technology Platform, first set this property in the file spectrum-container.properties: spectrum.encryption.selfSignedCert=true.
Other SSL properties allow more specific, granular control of certificate verification through Certificate Authorities (CAs). The role of the CA is to issue digital certificates to trusted entities and pass that trust to the SSL protocol that is trying to evaluate the certificate. If the CA cannot validate (trust) the entity, it can block authentication.
• To bypass CA trust validation, you can set this property: spectrum.encryption.validateCerts=true.
• To implicitly trust certificates, whether signed or unsigned, when the property spectrum.encryption.validateCerts is set to false, set this property: spectrum.encryption.trustAllHosts.
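
As an added example (not part of the vendor documentation), the following Python script audits the contents of spectrum-container.properties against the defaults in the table above and reports each of the three SSL properties whose effective value deviates from them. It assumes the file uses standard Java .properties syntax, that an absent key falls back to the documented default, and that boolean values are case-insensitive; the function names are hypothetical.

```python
"""Audit spectrum-container.properties text against the documented SSL defaults."""

# Defaults copied from the "SSL properties and defaults" table on this page.
DOCUMENTED_DEFAULTS = {
    "spectrum.encryption.selfSignedCert": "false",
    "spectrum.encryption.trustAllHosts": "false",
    "spectrum.encryption.validateCerts": "true",
}

def parse_properties(text):
    """Simplified Java .properties parser (assumed file format); last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        for i, ch in enumerate(line):  # key ends at the first '=' or ':'
            if ch in "=:":
                key, value = line[:i], line[i + 1:]
                break
        else:  # no separator character: split on the first whitespace run
            parts = line.split(None, 1)
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (key, effective_value, documented_default) for every deviation."""
    props = parse_properties(text)
    findings = []
    for key, default in DOCUMENTED_DEFAULTS.items():
        # Assumption: an absent key falls back to the documented default,
        # and values are compared case-insensitively.
        effective = props.get(key, default).lower()
        if effective != default:
            findings.append((key, effective, default))
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
# SSL settings
spectrum.encryption.selfSignedCert=true
spectrum.encryption.trustAllHosts = TRUE
! spectrum.encryption.validateCerts=false
example.other.setting=1
"""

if __name__ == "__main__":
    for key, effective, default in audit(SAMPLE):
        print(f"{key}: set to {effective}, documented default is {default}")
```

A commented-out line, such as the validateCerts entry in the sample, is ignored, so the audit reports on effective settings only.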