Main Content

ssl-verify-peer-mode

Level of client verification required by the server instance

Syntax

--ssl-verify-peer-mode mode

Description

ssl-verify-peer-mode specifies whether the server requires clients to present a valid certificate to connect to it. Server instances allow clients to connect to it with or without providing a valid certificate. All requests will still require authorization.

If you set ssl-verify-peer-mode to verify-peer-require-peer-cert, you must set either the x509-ca-file-store or x509-use-system-store property.

Parameters

mode

Mode used to authenticate clients. Valid values are:

  • no-verify-peer — No peer certificate verification. The client side does not need to provide a certificate.

  • verify-peer-require-peer-cert — The client must provide a certificate and the certificate will be verified.

The default is no-verify-peer.

Examples

  • For on-premises server instances created using the command line, update the server configuration property in the main_config server configuration file.

  • For on-premises server instances created using the dashboard and for server deployments in the cloud, use the dashboard and cloud dashboard, respectively, to update the server configuration property.

Configure Using Command Line

Require Clients to Provide SSL Certificate

In the main_config file, set the ssl-verify-peer-mode property to the following:

--ssl-verify-peer-mode verify-peer-require-peer-cert

Configure Using Dashboard

Require Clients to Provide SSL Certificate

In the dashboard, in the Settings tab of your server instance, under SSL, enter the following for the SSL Verify Peer Mode property:

verify-peer-require-peer-cert