Access files

Access files use email fields in server certificates for authentication. Access files can be defined for Control-M/Server and Control-M/Agent. The default access file for Control-M/Server is called access, and it is located in the <Control-M/Server Home Directory>/data/SSL/cert directory. The default access file for Control-M/Agent is called access, and it is located in the <Agent Home Directory>/data/SSL/cert directory.

Both files contain lines similar to these:

[SSL_SERVER]
;
ALLOW_ACL = *
DENY_ACL =

The following table describes the parameters in the access file.

| Parameter | Description |
| --- | --- |
| SSL_SERVER | Authentication confirming a server's identity |
| ALLOW_ACL | Allows signed certificates to be sent to specified addresses. Default: * (Allow every client). |
| DENY_ACL | Denies the sending of signed certificates to specified e-mail addresses. Default: blank (Does not deny any client). |

The security level must be 4. For more information, see Security Level 4.

The server certificate email field is checked after the regular SSL handshake, and after both peers have checked that the certificates that they received are signed by a trusted root CA.

DENY_ACL and ALLOW_ACL are used to control the sending of signed certificates to email destinations.

EXAMPLE: Include the following lines in an access file to accept only the certificates issued to controlm@bmc.com and email@bmc.com. The access file must deny all other certificates, including those signed by a trusted root.

[SSL_SERVER]
;
ALLOW_ACL = controlm@bmc.com,email@bmc.com
DENY_ACL =
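
An added example (not BMC code): a Python audit of an access file that flags the default ALLOW_ACL = * and entries that conflict or are not email addresses. It assumes that lines beginning with ; are comments and that ACL values are comma-separated as in the listing above; the function names are hypothetical.

```python
# Audit sketch for a Control-M access file (added example, not product code).
# Assumptions: ';' starts a comment line; ACL values are comma-separated.

# Sample inputs: the first two are the listings on this page, the third is constructed.
DEFAULT = "[SSL_SERVER]\n;\nALLOW_ACL = *\nDENY_ACL =\n"
RESTRICTED = "[SSL_SERVER]\n;\nALLOW_ACL = controlm@bmc.com,email@bmc.com\nDENY_ACL =\n"
CONFLICT = "[SSL_SERVER]\nALLOW_ACL = controlm@bmc.com, ops\nDENY_ACL = CONTROLM@bmc.com\n"

def parse_access_file(text):
    """Return {section: {parameter: [values]}} for the access-file text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return sections

def audit(text):
    """Return a list of findings for the [SSL_SERVER] section."""
    server = parse_access_file(text).get("SSL_SERVER")
    if server is None:
        return ["no [SSL_SERVER] section"]
    allow, deny = server.get("ALLOW_ACL", []), server.get("DENY_ACL", [])
    findings = []
    if not allow:
        findings.append("ALLOW_ACL is unset; the documented default is * (every client)")
    if "*" in allow:
        findings.append("ALLOW_ACL is *: every client is allowed")
    for entry in allow + deny:
        if entry != "*" and "@" not in entry:
            findings.append(f"'{entry}' is not an email address")
    # Case-insensitive comparison is this audit's choice, so near-duplicates are flagged.
    denied = {d.lower() for d in deny}
    for entry in allow:
        if entry.lower() in denied:
            findings.append(f"'{entry}' is in both ALLOW_ACL and DENY_ACL")
    return findings

if __name__ == "__main__":
    for name, text in [("default", DEFAULT), ("restricted", RESTRICTED), ("conflict", CONFLICT)]:
        print(name, audit(text) or "no findings")
```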
