Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Description

The VERIFY_HOST_NAME option specifies, for a three-party transfer session, whether or not the primary server should verify the secondary server's Universal Broker X.509 certificate identity.

Verification consists of verifying that the certificate is issued by a trusted CA. The CA_CERTIFICATES option specifies which CA certificates are considered trusted.

The identity is verified by matching the value specified by VERIFY_HOST_NAME to the secondary server's Universal Broker certificate host value.

The following certificate fields can be matched:

  • X.509 commonName attribute of the subject field's Distinguished Name (DN) value
  • X.509 v3 dNSName field of the subjectAltName extension value
  • X.509 v3 iPAddress field of the subjectAltName extension value

One of these fields must match for identification to be considered successful. If either verification or identification fails, the session is rejected and the UDM Manager terminates.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

Command Line, Short Form

n/a





Command Line, Long Form

-verify_host_name option


(tick)

(tick)

(tick)

Environment Variable

UDMVERIFYHOSTNAME=option


(tick)

(tick)


Configuration File Keyword

verify_host_name option


(tick)

(tick)

(tick)

Values

option is the specification for whether or not the X.509 certificate identity is verified.

Valid values for option are:

  • no
    Certificate identity is not verified.
  • yes
    Primary server will verify the host name of the secondary server against the name contained in secondary server's Broker X.509 certificate.


Default is no.

  • No labels