SSLCACertificatesPath

Use this parameter to specify the path to a directory containing multiple CA certificates in PEM format to check against. Each file must contain one CA certificate. The files are looked up by the CA subject name hash value, which must be available. If more than one CA certificate with the same name hash value exists, the extension must be different (for example, 9dd6633f0.0, 9dd6633f0.1, and so on). The search is performed in the order of the extension number, regardless of other properties of the certificates.

As an alternative, you can specify the path to a file containing multiple CA certificates in PEM format. The file can contain certificates identified by sequences like the following example:

----BEGIN CERTIFICATE----
... (CA certificate in base64 encoding) ...
----END CERTIFICATE----

You can insert text before, between, and after the certificates to be used as descriptions of the certificates.

CAUTION:

If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one is examined. This might lead to unexpected results if the same CA certificate is available with different expiration dates. If a certificate expired verification error occurs, no other certificate is searched. Make sure expired certificates are not mixed with valid ones.

For more information, refer to https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html.

When you set SSLCACertificatesPath, it implicitly sets SSLCheckCertificate to True. In this case, you can set SSLCheckCertificate to False to allow HPE OneDrive Connector the component to fill in any chain required for the SSLCertificate by using the certificates that you specify in SSLCACertificatesPath, without requiring a certificate from the connected peer.

Type: String
Default: None
Required: No
Configuration Section: SSLOptionN
Example: SSLCACertificatesPath=C:\IDOL\HTTPConnector\CACERTS\
See Also: SSLConfig

_HP_HTML5_bannerTitle.htm