VERIFY_HOST_NAME - UCTL Manager configuration option

Owned by Stonebranch (Deactivated)
Last updated: Jul 15, 2024
1 min read

Description

The VERIFY_HOST_NAME option specifies whether or not the Universal Broker's X.509 certificate identity is verified.

Verification consists of verifying that the certificate is issued by a trusted CA. The CA_CERTIFICATES option specifies which CA certificates are considered trusted.

The identity is verified by matching the value specified by VERIFY_HOST_NAME to the Universal Broker's certificate host value.

The following certificate fields are matched in the order listed:

  1. X.509 v3 dNSName field of the subjectAltName extension value
  2. X.509 commonName attribute of the subject field's Distinguished Name (DN) value
  3. X.509 v3 iPAddress field of the s*ubjectAltName* extension value

One of these fields must match for identification to be considered successful. If either verification or identification fails, the session is rejected and the Universal Control Manager terminates.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

Command Line, Short Form

n/a





Command Line, Long Form

-verify_host_name option


(tick)

(tick)

(tick)

Environment Variable

UCTLVERIFYHOSTNAME=option

(tick)

(tick)

(tick)


Configuration File Keyword

verify_host_name option

(tick)

(tick)

(tick)

(tick)

STRUCT Parameter

VFYHSTNM(option)

(tick)




Values

option is the specification for whether or not the X.509 certificate identity is verified.

Valid values for option are:

  • yes
    Certificate identity is verified using the host name specified by the REMOTE_HOST option.
  • no
    Certificate identity is not verified.
  • hostname
    Certificate identity is verified using hostname. The value hostname can be a DNS host name or an IP address.

Default is no.