Implementing self-signed certificates

Spectrum SSL properties offer varying degrees of control of certificate verification through Certificate Authorities (CAs).

The role of a CA is to issue digital certificates to trusted entities and pass that trust to the SSL protocol that is trying to evaluate the certificate. If the CA cannot validate (trust) the entity, they can block authentication.

Note: Although supported, we recommend against using self-signed certificates in a production environment. We do not consider this a best practice, as it overrides some authentication security checks.

SSL properties and defaults

Property/default	Description
spectrum.encryption.selfSignedCert=false	True or false: implement self-signed certificates in Spectrum Technology Platform
spectrum.encryption.trustAllHosts=false	True or false: implicitly trust all certificates; during verification, ignore host name specified on certificate
spectrum.encryption.validateCerts=true	True or false: bypass CA trust validation

Setting SSL handling and preferences for self-signed certificates

To implement self-signed certificates in Spectrum Technology Platform, first set this property in file spectrum-container.properties: spectrum.encryption.selfSignedCert=true.

Other SSL properties allow more specific, granular control of certificate verification through Certificate Authorities (CAs). The role of the CA is to issue digital certificates to trusted entities and pass that trust to the SSLprotocol that is trying to evaluate the certificate. If the CA cannot validate (trust) the entity, they can block authentication.

• To bypass CA trust validation, you can set this property: spectrum.encryption.validateCerts=true.

• To implicitly trust certificates – signed or unsigned, and if the property spectrum.encryption.validateCerts is set to false, set this property: spectrum.encryption.trustAllHosts.