The
Only one EMA TLS Profile may be configured at any given time.
The user may configure up to three client CA certifications (using separate 'set' commands) for an EMA TLS Profile.
PC Java Configuration supports TLS 1.0 only by default. When EmaTlsProfile v1_0 is disabled, the corresponding Java Configuration for TLS support must be enabled. See below example for Windows environment:
To enable TLS support in Windows:
% set profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name> authClient <false | true> ocspProfileName <OCSP profile name> serverCertName <server certificate> v1_0 <disabled | enabled> v1_1 <disabled | enabled> v1_2 <disabled | enabled> % show profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name> % delete profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name>
The EMA TLS Profile parameters are as shown below:
Parameter | Length/Range | Description |
---|---|---|
<EMA TLS Profile name> | 1-23 characters | The name of the EMA TLS Profile. Only one EMA TLS Profile may be configured at any given time. |
ClientCaCert | N/A | The name of the EMA-CA certificate associated with this EMA-TLS profile. |
authClient | N/A
| Set flag to "true" to force the EMA-TLS client to authenticate itself within TLS. If this field is set false,
|
ocspProfileName | N/A | The name of the OCSP profile associated with this EMA-TLS profile. |
serverCertName | N/A | The name of the server certificate associated with this EMA-TLS profile. |
v1_0 | N/A | TLS protocol version 1.0
|
v1_1 | N/A | TLS protocol version 1.1
|
v1_2 | N/A | TLS protocol version 1.2
|
% show profiles security EmaTlsProfile EmaTlsProfile defaultEmaTlsProfile { authClient true; serverCertName defaultSBCCert; v1_0 disabled; v1_1 disabled; v1_2 enabled; }