A Security object must be configured for every endpoint, including forwarding sources and destinations, as well as for remote initiation clients and servers. The Security object contains a Mode child object which controls what type of secure connection to use for the endpoint.
To use an insecure connection for an endpoint, set the security Mode to a value of Disabled. No further configuration is required for the Security object.
To enable a secure TLS connection for an endpoint, set the security Mode to a value of TLS.
When TLS security is enabled, the appropriate name/value pairs must be included in the Security object:

Name | Value
---|---
CertificateThumbprint | The thumbprint of the x509 certificate used to secure the connection. This value is required for TLS security. Note: the Host specified for the endpoint must match either the Common Name or one of the Subject Alternate Names on the x509 certificate.
IgnoreCertificateRevocation | Controls whether certificates are checked against a revocation list. This can be useful in test environments whose certificates are not covered by a revocation list. A value of true causes certificates to be rejected if they cannot be checked against a revocation list; a value of false allows certificates to be accepted without being checked against a revocation list. Note: this name/value pair is optional, but if it is not specified, certificates that cannot be checked against a revocation list are rejected by default.
AllowedCertificateAuthorityThumbprints | Limits the certificates that can be used to connect to the endpoint to those whose certificate chain contains a certificate with a thumbprint listed in this value.
AllowedRemoteCertificateThumbprints | Limits the certificates that can be used to connect to the remote endpoint to those whose thumbprint is listed in this value.
MinimumTlsVersion | Sets the minimum TLS version required for the connection. Example: Tls12 = TLS 1.2.
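The following is an added example, not code from the product's own tooling, that checks a Security object against the rules in the table above and reports weak or invalid settings. It assumes the object is loaded as a plain dictionary whose keys are the names in the table, that thumbprints are 40 hexadecimal characters (the SHA-1 form Windows displays), that the allow-list values are either a list of thumbprints or a comma-separated string, and that the recognised TLS version names are `Tls12` and `Tls13`; the revocation semantics are applied exactly as the table states them. The `host_matches_certificate` helper implements the Host/Common Name/Subject Alternate Name rule from the note, and the `cert` argument is a constructed stand-in for looking the certificate up by thumbprint.

```python
"""Check a Security object against the rules in the table above."""
import re

# Assumptions (not from the page): thumbprints are 40 hex characters (SHA-1,
# as Windows displays them) and TLS versions are named Tls12 / Tls13.
THUMBPRINT_RE = re.compile(r"^[0-9A-Fa-f]{40}$")
KNOWN_TLS_VERSIONS = {"Tls12", "Tls13"}


def _thumbprints(value):
    """Accept either a list of thumbprints or a comma-separated string (assumed)."""
    if value is None:
        return []
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    return list(value)


def host_matches_certificate(host, common_name, subject_alt_names=()):
    """The rule from the CertificateThumbprint note: Host must equal the
    certificate's Common Name or one of its Subject Alternate Names."""
    names = {common_name.lower(), *(n.lower() for n in subject_alt_names)}
    return host.lower() in names


def validate_security(security, host=None, cert=None):
    """Return findings for one Security object, each prefixed ERROR, WARN or INFO.

    `cert` is an optional dict {"cn": str, "sans": [str]} describing the
    certificate the thumbprint points at; a constructed stand-in for looking
    the certificate up in the store."""
    findings = []
    mode = security.get("Mode")
    if mode == "Disabled":
        return ["WARN: Mode is Disabled; the endpoint uses an insecure connection"]
    if mode != "TLS":
        return [f"ERROR: Mode must be 'Disabled' or 'TLS', got {mode!r}"]

    thumb = security.get("CertificateThumbprint")
    if not thumb:
        findings.append("ERROR: CertificateThumbprint is required when Mode is TLS")
    elif not THUMBPRINT_RE.match(thumb):
        findings.append("ERROR: CertificateThumbprint is not a 40-character hex string")
    elif host and cert and not host_matches_certificate(host, cert["cn"], cert.get("sans", ())):
        findings.append(f"ERROR: Host {host!r} matches neither the CN nor a SAN of the certificate")

    # Revocation semantics exactly as the table states them: false accepts
    # certificates that cannot be checked; omitting the key rejects them.
    revocation = security.get("IgnoreCertificateRevocation")
    if revocation is False:
        findings.append("WARN: IgnoreCertificateRevocation is false; uncheckable certificates are accepted")
    elif revocation is None:
        findings.append("INFO: IgnoreCertificateRevocation not set; uncheckable certificates are rejected (default)")

    ca_pins = _thumbprints(security.get("AllowedCertificateAuthorityThumbprints"))
    peer_pins = _thumbprints(security.get("AllowedRemoteCertificateThumbprints"))
    for key, pins in (("AllowedCertificateAuthorityThumbprints", ca_pins),
                      ("AllowedRemoteCertificateThumbprints", peer_pins)):
        for entry in pins:
            if not THUMBPRINT_RE.match(entry):
                findings.append(f"ERROR: {key} contains a malformed thumbprint {entry!r}")
    if not ca_pins and not peer_pins:
        findings.append("INFO: no allow-list set; peer certificates are not pinned to a CA or thumbprint")

    version = security.get("MinimumTlsVersion")
    if version is None:
        findings.append("WARN: MinimumTlsVersion not set; consider Tls12 or higher")
    elif version not in KNOWN_TLS_VERSIONS:
        findings.append(f"ERROR: MinimumTlsVersion {version!r} is not a recognised value")
    return findings


# Constructed sample objects (not from the page): a weak one and a hardened one.
WEAK_SECURITY = {
    "Mode": "TLS",
    "CertificateThumbprint": "not-a-thumbprint",
    "IgnoreCertificateRevocation": False,
}
HARDENED_SECURITY = {
    "Mode": "TLS",
    "CertificateThumbprint": "A1" * 20,
    "IgnoreCertificateRevocation": True,
    "AllowedCertificateAuthorityThumbprints": ["B2" * 20],
    "MinimumTlsVersion": "Tls12",
}
# Constructed certificate identity the hardened thumbprint is assumed to refer to.
SAMPLE_CERT = {"cn": "collector.example.internal", "sans": ["collector", "collector.example.internal"]}

if __name__ == "__main__":
    for name, obj in (("weak", WEAK_SECURITY), ("hardened", HARDENED_SECURITY)):
        print(name)
        for line in validate_security(obj, host="collector.example.internal", cert=SAMPLE_CERT) or ["OK"]:
            print("  " + line)
```

Run it as a script to see the weak object produce one ERROR (malformed thumbprint) plus WARN/INFO findings, while the hardened object passes cleanly; the same function can be pointed at each endpoint's Security object in a deployment to catch a Disabled mode or a missing TLS floor before it reaches production.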