Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Internet Express Software

111

112

113

114

115

116

117

118

119

120

Here are some additional server examples:

Access database text line

StartTLS connection as server to system nbcTLS_Clt:nbc.hp.com

StartTLS connection and certificate verification requiredTLS_Clt:nbc.hp.com VERIFY

Must encrypt with at least 32 bitsStartTLS connection and certificate verification

required

Certificate verification and encryption strength of at least 32 bitsTLS_Clt:nbc.hp.com VERIFY:32

Additional access database tags allow the fine tuning of TLS connections:

TEMP+ or PERM+ shorthands are used to mark an entry as temporary or permanent failure/rejection.

Access database text line

StartTLS connection as server to system cbsTLS_Clt:cbs.hp.com

StartTLS connection and certificate verification required (failure

marked as permanent)

TLS_Clt:cbs.hp.com PERM+VERIFY

Must encrypt with at least 64 bits (failure marked as temporary )TLS_Clt:cbs.hp.com TEMP+ENCR:64

Certificate verification and encryption strength of at least 32 bits

(failure marked as temporary)

TLS_Clt:cbs.hp.com TEMP+VERIFY:32

The other modifiers include the CN, CS and CI tags. This tag class is started with a ‘+’ sign and

additional tags are separated by ‘++’. CN is shorthand for the Common name of the client or

server certification (the fully qualified domain name of the server). CS is shorthand for the Common

server certification (the fully qualified domain name of the server). CI is shorthand for the Common

client certification (the fully qualified domain name of the client).

CN:name means CN must be ‘name’

CN—CN means CN must the name of the server

CS:name means the Domain name must be ‘name’

CI:name means the CI Domain name must be ‘name

Summary of TLS options available for use in the access data file

OptionalAdditional fieldsSecond (or more) fieldFirst field

YES or NOAddress, or host, or

domain information

Try_TLS

• CN:name

• CN—CN

• CS:name

• CI:name

optional

• VERIFY |

• ENCR:bits |

• VERIFY:bits

host-name or addressTLS_Srv: (TLS Server

Side)

• CN:name

• CN—CN

• CS:name

• CI:name

optional

• VERIFY |

• ENCR:bits |

• VERIFY:bits

host-name or addressTLS_Clt: (TLS Client

Side)

• CN:name

• CN—CN

• CS:name

• CI:name

optional

• VERIFY |

• ENCR:bits |

• VERIFY:bits

user@, domain,

subdomain

TLS_Rcpt: (TLS Client

Side)

Sendmail Server Administration 117