Connection advanced settings

Owned by Peter Babinec (Unlicensed)
Last updated: Sept 23, 2020 by admin (Unlicensed)
3 min read

INDEX

General

When configuring connection there are advanced settings for each ALM tool. Those can be accessed via following checkbox:


This will show the following settings:


NameDescription
Client certificateAllows two-way TLS on the server with custom uploaded client certificate (.pfx/.p12 file encrypted with export passphrase).
CA certificateAllows one-way TLS on the server with custom uploaded CA certificate (.pem/.crt file). Will be ignored if Verify TLS / SSL is set to false.
Server certificate validationEnables / disables TLS certificate (CA) check. If you have setup a custom (self-signed) CA certificate and want that to be used for verification, you need to have the verification enabled.
Custom TimeoutConnection timeout in seconds for HTTP requests to the ALM tool. Must be a value between 5 and 60. The default is 5 seconds.

Intermediate CA certificates

If the certificate of your ALM is signed by a intermediate certificate (and not by the root CA one), you need to bring all the intermediate certificates (including the root) into one .pem file first. An example (with one intermediate) can be seen here:

-----BEGIN CERTIFICATE-----
ROOT CA CERT THAT ISSUES THE INTERMEDIATE CA CERT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
INTERMEDIATE CA CERT
-----END CERTIFICATE-----

The order (root-ca first then intermediate-ca / intermediate-ca first then root-ca) does not matter



One-way / Two-way TLS communication

In one-way TLS, or regular TLS, the X.509 server certificate is created by a CA that the client can trust when wants to connect.

To upload CA certificate in PEM format click on the Upload pem in advanced settings and choose the file (.pem / .crt) from your system:

In a two-way TLS (mutual authentication) the server and client does a digital handshake, where the server needs to present a certificate to authenticate itself to the client and vice-versa.

To upload client certificate in PKCS#12 format click on the Upload PKCS#12 in advanced settings. You will be prompted to choose the file (.pfx / .p12) from your system:

After choosing the file you will be required to insert the correct export passphrase which was used when creating the client certificate:

After uploading certificates everything is set for one-way (CA cert only) / two-way (both client and CA certificates) TLS communication.
If needed you can delete the files to disable one-way / two-way TLS with custom certificates.