Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

INDEX

General

When configuring connection there are advanced settings for each ALM tool. Those can be accessed via following checkbox:


This will show the following settings:


NameDescription
Client certificateAllows two-way TLS on the server with custom uploaded client certificate (.pfx/.p12 file encrypted with export passphrase).
CA certificateAllows one-way TLS on the server with custom uploaded CA certificate (.pem/.crt file). Will be ignored if Verify TLS / SSL is set to false.
Server certificate validationEnables / disables TLS certificate (CA) check. If you have setup a custom (self-signed) CA certificate and want that to be used for verification, you need to have the verification enabled.
Custom TimeoutConnection timeout in seconds for HTTP requests to the ALM tool. Must be a value between 5 and 60. The default is 5 seconds.

Intermediate CA certificates

If the certificate of your ALM is signed by a intermediate certificate (and not by the root CA one), you need to bring all the intermediate certificates (including the root) into one .pem file first:

-----BEGIN CERTIFICATE-----
INTERMEDIATE CA CERT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ROOT CA CERT THAT ISSUES THE INTERMEDIATE CA CERT
-----END CERTIFICATE-----



One-way / Two-way TLS communication

In one-way TLS, or regular TLS, the X.509 server certificate is created by a CA that the client can trust when wants to connect.

To upload CA certificate in PEM format click on the Upload pem in advanced settings and choose the file (.pem / .crt) from your system:

In a two-way TLS (mutual authentication) the server and client does a digital handshake, where the server needs to present a certificate to authenticate itself to the client and vice-versa.

To upload client certificate in PKCS#12 format click on the Upload PKCS#12 in advanced settings. You will be prompted to choose the fileĀ (.pfx / .p12) from your system:

After choosing the file you will be required to insert the correct export passphrase which was used when creating the client certificate:

After uploading certificates everything is set for one-way (CA cert only) / two-way (both client and CA certificates) TLS communication.
If needed you can delete the files to disable one-way / two-way TLS with custom certificates.












  • No labels