crypto

In the [crypto] section, the tokens control aspects associated with the cryptography module.
  • ca_certificate
    Defines the full pathname to the Certificate Authority (CA) certificate database.
    Default:
    ACInstallDir/data/crypto/def_root.pem
  • communication_mode
    Specifies whether Secure Sockets Layer (SSL) protocols are enabled.
    If you set this token to ssl_only, only SSL V2, SSL V3, and TLS connections are enabled. This computer then cannot communicate with computers that do not support SSL, including computers that are running versions of Privileged Access Manager Server Control earlier than r12.0, which do not support SSL.
    Note: Computers that are running Privileged Access Manager Server Control r12.0 and later do support SSL.
    If the fips_only token is set to 1, the actual communication mode is set to ssl_only in FIPS mode (TLS), and the communication_mode token is ignored.
    Valid values are:
    • all_modes
    • ssl_only
    • non_ssl
    Default:
    non_ssl
  • CAPKIHOME
    Defines the installation directory of CAPKI.
    Default:
    /opt/CA/SharedComponents/CAPKI
  • encryption_methods
    Specifies the encryption libraries that the Privileged Access Manager Server Control Agent uses to decrypt messages. The Agent attempts to use each library in the list, in turn, until the decryption is successful.
    Limits:
    libaes256, libaes192, libaes128, libdes, libtripledes, libscramble
    Default:
    libaes256, libaes192, libaes128, libdes, libtripledes
  • fips_only
    This token controls whether Privileged Access Manager Server Control works in FIPS only mode. In this mode, all non-FIPS functions are disabled.
    Valid values:
    • 1: Privileged Access Manager Server Control works in FIPS only mode
    • 0: Privileged Access Manager Server Control works in non-FIPS mode
    Default:
    0
  • LIBRARY_PATH
    Defines the directory for the ETPKI cryptographic library.
  • private_key
    Defines the full pathname to the subject private key.
    Default:
    ACInstallDir/data/crypto/sub.key
  • sha_mode
    Defines the hashing mode of the SHA signatures.
    Values are: sha1, sha256, sha384, sha512
    Default:
    sha512
  • ssl_port
    Defines the port for SSL communications between Privileged Access Manager Server Control clients and services.
    Default:
    5249
  • subject_certificate
    Defines the full pathname to the subject certificate.
    Default:
    ACInstallDir/data/crypto/sub.pem
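
The token interactions described above (documented defaults for absent tokens, and fips_only overriding communication_mode) can be checked with a short audit script. This is an added example, not code from the product or its documentation. It assumes the file uses INI-style "token = value" lines, and the AES-only allow-list and the function name audit_crypto are this example's own choices.

```python
import configparser

# Defaults documented on this page, applied when a token is absent.
DEFAULTS = {
    "communication_mode": "non_ssl",
    "encryption_methods": "libaes256, libaes192, libaes128, libdes, libtripledes",
    "fips_only": "0",
    "sha_mode": "sha512",
}
# Example policy (an assumption of this example, not vendor guidance): AES only.
ALLOWED_METHODS = {"libaes256", "libaes192", "libaes128"}

def audit_crypto(ini_text):
    """Return (effective_settings, findings) for the [crypto] section.

    Assumes INI-style 'token = value' syntax for the configuration text.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    raw = dict(parser["crypto"]) if parser.has_section("crypto") else {}
    eff = {k: raw.get(k, v).strip() for k, v in DEFAULTS.items()}
    findings = []

    if eff["fips_only"] == "1":
        # Per the page: communication_mode is ignored and TLS in FIPS mode is used.
        eff["communication_mode"] = "ssl_only (FIPS, TLS)"
    elif eff["communication_mode"] == "non_ssl":
        findings.append("communication_mode=non_ssl: SSL protocols are not enabled")
    elif eff["communication_mode"] == "all_modes":
        findings.append("communication_mode=all_modes: not restricted to SSL/TLS")
    elif eff["communication_mode"] == "ssl_only":
        findings.append("communication_mode=ssl_only without fips_only: SSL V2/V3 enabled")

    for m in (x.strip() for x in eff["encryption_methods"].split(",")):
        if m and m not in ALLOWED_METHODS:
            findings.append(f"encryption_methods: {m} is outside the AES-only policy")

    if eff["sha_mode"] == "sha1":
        findings.append("sha_mode=sha1: weakest of the listed hashing modes")
    return eff, findings

# Constructed sample input, not taken from a real host.
SAMPLE = """
[crypto]
communication_mode = ssl_only
encryption_methods = libaes256, libdes, libscramble
sha_mode = sha1
"""

if __name__ == "__main__":
    print("\n".join(audit_crypto(SAMPLE)[1]))
```

An empty or missing [crypto] section is audited against the documented defaults, so a host that never set these tokens still reports non_ssl, libdes and libtripledes.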