VERIFY_HOST_NAME - UDM Server configuration option
Description
The VERIFY_HOST_NAME option specifies, for a three-party transfer session, whether or not the primary server should verify the secondary server's Universal Broker X.509 certificate identity.
Verification consists of verifying that the certificate is issued by a trusted CA. The CA_CERTIFICATES option specifies which CA certificates are considered trusted.
The identity is verified by matching the value specified by VERIFY_HOST_NAME to the secondary server's Universal Broker certificate host value.
The following certificate fields can be matched:
- X.509 commonName attribute of the subject field's Distinguished Name (DN) value
- X.509 v3 dNSName field of the subjectAltName extension value
- X.509 v3 iPAddress field of the subjectAltName extension value
One of these fields must match for identification to be considered successful. If either verification or identification fails, the session is rejected and the UDM Manager terminates.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Command Line, Short Form | n/a | ||||
Command Line, Long Form | -verify_host_name option | ||||
Environment Variable | UDMVERIFYHOSTNAME=option | ||||
Configuration File Keyword | verify_host_name option |
Values
option is the specification for whether or not the X.509 certificate identity is verified.
Valid values for option are:
- no
Certificate identity is not verified. - yes
Primary server will verify the host name of the secondary server against the name contained in secondary server's Broker X.509 certificate.
Default is no.