ssl-verify-peer-mode
Level of client verification required by the server instance
Syntax
--ssl-verify-peer-mode mode
Description
ssl-verify-peer-mode
specifies whether the server requires clients to
present a valid certificate to connect to it. Server instances allow clients to connect
to it with or without providing a valid certificate. All requests will still require
authorization.
If you set ssl-verify-peer-mode
to
verify-peer-require-peer-cert
, you must set either the x509-ca-file-store
or x509-use-system-store
property.
Parameters
mode
Mode used to authenticate clients. Valid values are:
no-verify-peer
— No peer certificate verification. The client side does not need to provide a certificate.verify-peer-require-peer-cert
— The client must provide a certificate and the certificate will be verified.
The default is no-verify-peer
.
Examples
For on-premises server instances created using the command line, update this server configuration property in the
main_config
server configuration file.For on-premises server instances created using the dashboard and for server deployments in the cloud, use the dashboard and cloud dashboard, respectively, to update the server configuration property.
Configure Using Command Line
In the main_config
file, set the
ssl-verify-peer-mode
property to the following:
--ssl-verify-peer-mode verify-peer-require-peer-cert
Configure Using Dashboard
In the dashboard, in the Settings tab of your server instance, under SSL, enter the following for the SSL Verify Peer Mode property:
verify-peer-require-peer-cert
See Also
https
| x509-use-system-store
| x509-ca-file-store
| x509-use-crl