File Based Trust Manager Provider

The file-based trust manager provider determines whether to trust a presented certificate based on whether that certificate exists in a server trust store file.

The trust store file can be in either JKS (the default Java key store format) or PKCS#12 (a standard certificate format) form.


Parent Component

The File Based Trust Manager Provider component inherits from the Trust Manager Provider.

Relations from This Component

The following components have a direct aggregation relation from File Based Trust Manager Providers:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
 enabled
 include-jvm-default-issuers
 trust-store-file
 trust-store-type
 enable-trust-manager-caching
 trust-store-pin
 trust-store-pin-file
 trust-store-pin-passphrase-provider

Advanced Properties:
 None

Basic Properties

enabled

Description
Indicates whether the Trust Manager Provider is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

include-jvm-default-issuers

Description
Indicates whether certificates issued by an authority included in the JVM's set of default issuers should be automatically trusted, even if they would not otherwise be trusted by this provider.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-file

Description
Specifies the path to the file containing the trust information. It can be an absolute path or a path that is relative to the Directory Server instance root. Changes to this configuration attribute take effect the next time that the trust manager is accessed.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

trust-store-type

Description
Specifies the format for the data in the trust store file. Valid values always include 'JKS' and 'PKCS12', but different implementations can allow other values as well. If no value is provided, then the JVM default value is used. Changes to this configuration attribute take effect the next time that the trust manager is accessed.
Default Value
None
Allowed Values
Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enable-trust-manager-caching

Description
Indicates whether trust manager providers should cache trust managers. If this property is set to 'true', then trust manager providers will cache trust managers to avoid the overhead of obtaining trust managers for each connection. If this property is set to 'false', then trust manager providers will load trust managers for each connection.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-store-pin

Description
Specifies the clear-text PIN needed to access the File Based Trust Manager Provider.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed.

trust-store-pin-file

Description
Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Trust Manager Provider.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
No
Admin Action Required
None. Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed.

trust-store-pin-passphrase-provider

Description
The passphrase provider to use to obtain the clear-text PIN needed to access the File Based Trust Manager Provider.
Default Value
None
Allowed Values
The DN of any Passphrase Provider.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Trust Manager Providers:

dsconfig list-trust-manager-providers
     [--property {propertyName}] ...

To view the configuration for an existing Trust Manager Provider:

dsconfig get-trust-manager-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Trust Manager Provider:

dsconfig set-trust-manager-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new File Based Trust Manager Provider:

dsconfig create-trust-manager-provider
     --provider-name {name}
     --type file-based
     --set enabled:{propertyValue}
     --set trust-store-file:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...
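
The following is an added example, not part of the product documentation. It checks that a file intended for trust-store-pin-file holds exactly one line, as that property requires, and is not accessible to group or other (a hardening assumption of this example), then prints a create command built only from the properties listed above. The provider name and paths are constructed, and connection arguments are omitted as in the usage lines above.

```shell
# Added example: pre-flight check for a trust-store-pin-file, then print the
# matching dsconfig command. Names and paths passed in are constructed values.

# Returns 0 if the file is usable, 1 if missing/unreadable, 2 if it is not a
# single non-empty line, 3 if group or other has any access (assumed policy).
check_pin_file() {
    pin_file=$1
    [ -f "$pin_file" ] && [ -r "$pin_file" ] || {
        echo "missing or unreadable: $pin_file" >&2; return 1; }

    # The property expects the file's only contents to be one line with the PIN.
    lines=$(awk 'END { print NR }' "$pin_file")
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines" >&2; return 2; }
    [ -n "$(head -n 1 "$pin_file" | tr -d '[:space:]')" ] || {
        echo "PIN line is empty" >&2; return 2; }

    # find prints the path if any group/other permission bit is set.
    loose=$(find "$pin_file" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$loose" ] || { echo "group/other can access $pin_file" >&2; return 3; }
    return 0
}

# Prints (does not run) a create command that references the PIN file instead
# of passing the clear-text PIN through trust-store-pin.
print_create_command() {
    name=$1; store=$2; pin_file=$3; store_type=$4
    check_pin_file "$pin_file" || return $?
    cat <<EOF
dsconfig create-trust-manager-provider \\
     --provider-name "$name" \\
     --type file-based \\
     --set enabled:true \\
     --set "trust-store-file:$store" \\
     --set "trust-store-type:$store_type" \\
     --set "trust-store-pin-file:$pin_file" \\
     --set include-jvm-default-issuers:false
EOF
}
```

Setting include-jvm-default-issuers to false (its default) keeps trust limited to the certificates in the trust store file.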

To delete an existing Trust Manager Provider:

dsconfig delete-trust-manager-provider
     --provider-name {name}