Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact support for assistance if you believe that you have a need to create or modify this type of object.
The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
ssl-protocol | digest-algorithm |
ssl-cipher-suite | mac-algorithm |
ssl-cert-nickname | mac-key-length |
 | cipher-transformation |
 | cipher-key-length |
 | key-wrapping-transformation |
ssl-protocol
Description | Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication. |
Default Value | Uses the default set of SSL protocols provided by the server's JVM. |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. |
ssl-cipher-suite
Description | Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication. |
Default Value | Uses the default set of SSL cipher suites provided by the server's JVM. |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. |
ssl-cert-nickname
Description | Specifies the nickname (also called the alias) of the certificate that the Crypto Manager should use when performing SSL communication. This is only applicable when the Crypto Manager is configured to use SSL. |
Default Value | Let the server decide. |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | The Crypto Manager must be restarted for changes to this setting to take effect, either by disabling and re-enabling it or by restarting the server. |
digest-algorithm (Advanced Property)
Description | Specifies the preferred message digest algorithm for the Directory Server. |
Default Value | SHA-1 |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately and only affect cryptographic operations performed after the change. |
mac-algorithm (Advanced Property)
Description | Specifies the preferred MAC algorithm for the Directory Server. |
Default Value | HmacSHA1 |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. |
mac-key-length (Advanced Property)
Description | Specifies the key length in bits for the preferred MAC algorithm. |
Default Value | 128 |
Allowed Values | An integer value. Lower limit is 0. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. |
cipher-transformation (Advanced Property)
Description | Specifies the cipher for the Directory Server using the syntax algorithm/mode/padding. The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. |
Default Value | AES/CBC/PKCS5Padding |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. |
cipher-key-length (Advanced Property)
Description | Specifies the key length in bits for the preferred cipher. |
Default Value | 128 |
Allowed Values | An integer value. Lower limit is 0. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. |
key-wrapping-transformation (Advanced Property)
Description | The preferred key wrapping transformation for the Directory Server. This value must be the same for all server instances in a replication topology. |
Default Value | RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change. |
To view the Crypto Manager configuration:
dsconfig get-crypto-manager-prop [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the Crypto Manager configuration:
dsconfig set-crypto-manager-prop (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
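A pre-flight check for values before they are passed to `dsconfig set-crypto-manager-prop`, covering the algorithm/mode/padding rule for cipher-transformation described above. This is an added example, not code from the product: the function names are hypothetical, and the input is assumed to be one `property<TAB>value` pair per line (the sample lines are constructed).

```shell
#!/bin/sh
# Added example, not vendor code; input lines are constructed "property<TAB>value".

# Succeeds only for a full algorithm/mode/padding transformation.
valid_transformation() {
    case "$1" in
        */*/*/*) return 1 ;;   # more than three fields
        */*/*)   ;;            # exactly three fields, checked below
        *)       return 1 ;;   # algorithm alone, or algorithm/mode
    esac
    alg=${1%%/*}; rest=${1#*/}; mode=${rest%%/*}; pad=${rest#*/}
    if [ -z "$alg" ] || [ -z "$mode" ] || [ -z "$pad" ]; then return 1; fi
    case "$alg" in             # stream ciphers: NONE/NoPadding is mandatory
        RC4|ARCFOUR)
            if [ "$mode" != NONE ] || [ "$pad" != NoPadding ]; then return 1; fi ;;
    esac
    return 0
}

# Reads property<TAB>value lines on stdin, prints one finding per problem.
audit_crypto_props() {
    tab=$(printf '\t')
    while IFS="$tab" read -r prop value; do
        case "$prop" in
            cipher-transformation)
                if ! valid_transformation "$value"; then
                    echo "$prop: '$value' is not algorithm/mode/padding"
                fi
                case "$value" in RC4/*|ARCFOUR/*)
                    echo "$prop: '$value' selects the RC4 stream cipher" ;;
                esac ;;
            digest-algorithm)
                if [ "$value" = SHA-1 ]; then
                    echo "$prop: SHA-1 is no longer collision resistant"
                fi ;;
            cipher-key-length|mac-key-length)
                if [ "$value" -lt 128 ]; then
                    echo "$prop: $value bits is below the documented default of 128"
                fi ;;
        esac
    done
    return 0
}

# Constructed sample: the default digest plus an algorithm-only transformation.
sample_props() {
    printf 'digest-algorithm\tSHA-1\ncipher-transformation\tAES\ncipher-key-length\t128\n'
}
sample_props | audit_crypto_props
```

Because key-wrapping-transformation must be identical on every server in a replication topology, run the same check against each instance's values before changing it anywhere.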