Security - Message Engine - Foundation 23.1

Hyland Message Engine

Platform: OnBase
Product: Message Engine
Release: Foundation 23.1
License: Standard, Premier

A Security object must be configured for every endpoint, including forwarding sources and destinations, as well as for remote initiation clients and servers. The Security object contains a Mode child object which controls what type of secure connection to use for the endpoint.

To use an insecure connection for an endpoint, set the security Mode to a value of Disabled. No further configuration is required for the Security object.

To enable a secure TLS connection for an endpoint, set the security Mode to a value of TLS.

When TLS security is enabled, the appropriate name/value pairs must be included in the Security object:

| Name | Value |
|---|---|
| CertificateThumbprint | The thumbprint for the x509 certificate used to secure the connection. This value is required for TLS security. Note: The value of the Host specified for the endpoint must match either the Common Name or one of the Subject Alternate Names on the x509 certificate. |
| IgnoreCertificateRevocation | Controls whether certificates are checked against a revocation list. This can be useful for testing environments, where certificates are not supported by revocation lists. A value of true causes certificates to be rejected if they cannot be checked against a revocation list. A value of false allows certificates to be accepted without being checked against a revocation list. Note: This name/value pair is optional to include, but if it is not specified, certificates that cannot be checked against a revocation list are rejected by default. |
| AllowedCertificateAuthorityThumbprints | Limits the certificates that can be used to connect to the endpoint to those which belong to a certificate chain containing a certificate whose thumbprint is listed in this value. |
| AllowedRemoteCertificateThumbprints | Limits the certificates that can be used to connect to the remote endpoint to those whose thumbprint is listed in this value. |
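
A pre-deployment check for the rules above, as an added example (not Hyland code): it lints one endpoint's Security settings and reports what needs attention. The dictionary layout (`Host` and `Security` keys, `Mode` as a plain string), the function names, and the 40-hex-character SHA-1 thumbprint format are assumptions; the wildcard handling in the host check goes beyond the plain match the page describes.

```python
import re

HEX40 = re.compile(r"[0-9A-Fa-f]{40}")  # assumption: thumbprint is a SHA-1 hash in hex

def host_matches(host, names):
    """True if host equals a certificate name or fits a leftmost-label wildcard."""
    host = host.lower()
    parent = host.partition(".")[2]  # host minus its leftmost label
    return any(n.lower() == host or (parent and n.lower() == "*." + parent) for n in names)

def lint_endpoint(endpoint, cert_names=()):
    """Return a list of findings for one endpoint dict (layout assumed, see lead-in)."""
    findings = []
    sec = endpoint.get("Security")
    if not isinstance(sec, dict) or "Mode" not in sec:
        return ["Security object with a Mode is required for every endpoint"]
    mode = sec["Mode"]
    if mode == "Disabled":
        return ["Mode is Disabled: traffic on this endpoint is not protected by TLS"]
    if mode != "TLS":
        return [f"Mode {mode!r} is not one of the values on the page (Disabled, TLS)"]
    thumb = sec.get("CertificateThumbprint")
    if not thumb:
        findings.append("CertificateThumbprint is required when Mode is TLS")
    elif not HEX40.fullmatch(thumb):
        # Thumbprints pasted from a certificate dialog often carry spaces or hidden marks.
        cleaned = re.sub(r"[^0-9A-Fa-f]", "", thumb)
        hint = " (spaces or invisible characters from a copy/paste?)" if HEX40.fullmatch(cleaned) else ""
        findings.append("CertificateThumbprint is not 40 hex characters" + hint)
    if "IgnoreCertificateRevocation" in sec:
        # When omitted, certificates that cannot be checked are rejected by default.
        findings.append("IgnoreCertificateRevocation is set explicitly: confirm this is intended")
    if cert_names and not host_matches(endpoint.get("Host", ""), cert_names):
        findings.append("Host does not match the certificate Common Name or any SAN")
    return findings

# Constructed sample endpoints; hosts, certificate names and thumbprints are made up.
SAMPLES = [
    ({"Host": "hl7.example.internal", "Security": {"Mode": "TLS",
      "CertificateThumbprint": "\u200e3f 2a " + "0b" * 18}}, ["*.example.internal"]),
    ({"Host": "10.0.0.5", "Security": {"Mode": "TLS",
      "IgnoreCertificateRevocation": False}}, ["hl7.example.internal"]),
    ({"Host": "lab01", "Security": {"Mode": "Disabled"}}, []),
]

if __name__ == "__main__":
    for endpoint, names in SAMPLES:
        print(endpoint["Host"], "->", lint_endpoint(endpoint, names) or "ok")
```

Pass the Common Name and SAN entries read from the certificate as `cert_names`; when that argument is empty the host check is skipped.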