PROXY_CERTIFICATES - UDM Manager configuration option
Description
The PROXY_CERTIFICATES option specifies whether or not UDM will use the managers certificate in a three-party transfer session if a certificate is supplied to the UDM Manager.
Proxy certificates are used only for three-party transfer sessions. All components, manager, primary and secondary, must be version 3.2 or later and must be using OpenSSL (System SSL does not support proxy certificates).
If PROXY_CERTIFICATES is set to yes, the UDM Manager's certificate is used to create a proxy certificate for the primary to use when connecting to the secondary. The proxy certificate has the same subject name as the managers certificate, so the certificate ACL for the secondary can be set up to look just like the primary's ACL.
Note
For more information on X509 proxy certificates, see the RFC at:
http://www.globus.org/alliance/publications/papers/pki04-welch-proxy-cert-final.pdf
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Command Line, Short Form | n/a | ||||
Command Line, Long Form | -proxy_certificates option | ||||
Environment Variable | UDMPROXYCERTIFICATES=option | ||||
Configuration File Keyword | proxy_certificates option | ||||
STRUDM Parameter | PROXYCERT (option) |
Values
option is the specification for whether or not UDM will use proxy certificates.
Valid values for option are:
- yes
UDM will use proxy certificates. - no
UDM will not use proxy certificates.
Default is no.