Peercertfingerprint; Port - HP NonStop SSL Reference Manual

If the matching fails, the connection will be rejected.

PEERCERTFINGERPRINT

Use this parameter to enforce verification of the leaf certificate of the remote peer. In server runmodes this parameter is used to verify the fingerprint of the client certificate; in client runmodes it is used to verify the fingerprint of the server certificate.
Parameter Syntax
PEERCERTFINGERPRINT * | sha1-fingerprint
Arguments
*
No fingerprint verification.
sha1-fingerprint
The expected SHA1 fingerprint of the remote certificate.
Default
The default for this parameter is '*' which means the fingerprint of the remote leaf certificate (i.e. client or server cert,
depending on runmode) will not be verified.
Examples
PEERCERTFINGERPRINT da39a3ee5e6b4b0d3255bfef95601890afd80709
Considerations
This parameter does not adhere to the HASHALGORITHMS parameter (yet); instead, fingerprints should be given in SHA1 format.
This parameter should not be used together with the parameter PEERCERTCOMMONNAME, as behavior may then be unpredictable.
If other than '*', the actual fingerprint of the remote server certificate will be compared against the value of the parameter.
If the actual value in the certificate is part of the value configured in the parameter, it will be accepted. This allows configuring a list of fingerprints or common names.
Fingerprints will be compared both as MD5 and SHA1 hashes; however, for security reasons you should not use MD5 anymore.
If the matching fails, the session will be rejected.
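
As an added example (not code from the HP manual or product), this Python sketch computes a certificate's SHA1 fingerprint in the format shown under Examples and audits a configuration against the considerations above. The one-parameter-per-line layout, the treatment of any non-hex character as a list separator, the finding labels, and the sample values are assumptions.

```python
import hashlib
import re
import ssl

def sha1_fingerprint(pem: str) -> str:
    """SHA1 over the certificate's DER bytes: lowercase hex, no separators."""
    return hashlib.sha1(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def audit(config_text: str) -> list:
    """Check a configuration against the PEERCERTFINGERPRINT considerations."""
    params = {}
    for line in config_text.splitlines():
        parts = line.split(None, 1)  # assumed layout: NAME, whitespace, value
        if parts:
            params[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    value = params.get("PEERCERTFINGERPRINT", "*")  # documented default is '*'
    if value == "*":
        return ["unverified: peer leaf certificate fingerprint is not checked"]
    findings = []
    if "PEERCERTCOMMONNAME" in params:
        # The manual advises against combining the two parameters.
        findings.append("conflict: PEERCERTCOMMONNAME is also set")
    # Assumption: any non-hex character separates the entries of a list.
    entries = re.findall(r"[0-9A-Fa-f]+", value)
    if not entries:
        findings.append("malformed: no hex fingerprint in value")
    for entry in entries:
        if len(entry) == 32:
            # 32 hex digits is an MD5 fingerprint, which the manual discourages.
            findings.append("md5: " + entry.lower())
        elif len(entry) != 40:
            findings.append("malformed: " + entry)
    return findings

# Constructed sample input: placeholder bytes in a PEM wrapper, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder bytes")
SAMPLE_CONFIG = "PORT 8443\nPEERCERTFINGERPRINT " + sha1_fingerprint(SAMPLE_PEM) + "\n"

if __name__ == "__main__":
    print(SAMPLE_CONFIG, audit(SAMPLE_CONFIG))
```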

PORT

Use this parameter to specify the port number on which an HP NonStop SSL server should listen for incoming connections.
Parameter Syntax
PORT number
Arguments
number
the decimal number of a TCP/IP port.
Default