AUTHENTICATE_PEER - UBROKER configuration option
Description
The AUTHENTICATE_PEER option specifies whether Universal Broker will require client certificates for incoming connections to its service port (default 7887).
If set to yes, an incoming connection must present a certificate during the TLS handshake, or else the Broker will close the connection.
If set to no, the Broker will verify a client certificate if it is sent, but it is not required and the TLS handshake can succeed without one.
The CA_CERTIFICATES option must be specified if this option is set to yes, as the Broker needs trusted certificates to verify client certificates against.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Command Line, Long Form | -authenticate_peer option | ||||
Environment Variable | UBRAUTHENTICATEPEER=option | ||||
Configuration File Keyword | authenticate_peer option |
Values
option is the specification for whether or not Universal Broker will enforce client certificates during TLS handshakes.
Valid values for option are:
- yes
Enforce and verify client certificates for incoming connections. - no
Do not enforce the use of client certificates for incoming connections.
Default is no.