Last update June 13, 2017
CA ControlMinder maintains cryptography module settings it uses under the following key:
The crypto registry key contains the following registry entries:
Defines the full pathname to the Certificate Authority (CA) certificate database.
Specifies the interval to execute the cleanup task.
Default: 00:00@Sun,Mon,Tue,Wed,Thu,Fri,Sat (Running every day at midnight)
Specifies whether secure socket layer (SSL) protocols are enabled.
If you set this to ssl_only, only SSL V2, SSL V3, and TLS connections are enabled. This means that this computer cannot communicate with computers that do not support SSL, and so cannot communicate with computers that are running versions of CA ControlMinder earlier than r12.0, which do not support SSL.
Note: Computers that are running CA ControlMinder r12.0 and later do support SSL.
If the fips_only token is set to 1, the actual communication mode is set to ssl_only in FIPS mode (that is, TLS), and the communication_mode token is ignored.
Valid values are:
Specifies the encryption libraries that the CA ControlMinder Agent uses to decrypt messages. The Agent attempts to use each library in the list, in turn, until the decryption is successful.
Limits: aes256enc, aes192enc, aes128enc, desenc, tripledesenc, defenc
Default: aes256enc, aes192enc, aes128enc, desenc, tripledesenc
This token controls whether CA ControlMinder works in FIPS only mode. In this mode all non-FIPS functions are disabled.
1 CA ControlMinder works in FIPS only mode
0 CA ControlMinder works in non-FIPS mode
Defines the full pathname to the subject private key.
Specifies the interval to refresh an internal cache and resolve the IP address of the connected host.
Default: 86400 seconds (24 hours)
Specifies whether the certificate hostname validation is enabled during a secure connection.
Note: The certificate hostname validation is not performed during a secure connection.
Defines the port for SSL communications between CA ControlMinder clients and services.
Defines the full pathname to the subject certificate.
Was this helpful?
Thank you for your feedback.