watt.security.cert. wmChainVerifier.trustByDefault

Hi, everyone!! :slight_smile:

I’d like to ask you regarding CA Certificate Directory setting.

In the help, it says…
If you want the server to trust no certificate authorities, be sure to set the watt.security.cert.wmChainVerifier.trustByDefault property to False and leave this field blank.

I tried not to set it to False and just leave the CA Certificate Directory field blank or wrong directory.

- watt.security.cert.wmChainVerifier.trustByDefault=true in server.cnf
- CA Certificate Directory : unspecified in Security > Certificates

The server seems not to trust certificate authorities as well.

Nevertheless, do I have to set watt.security.cert.wmChainVerifier.trustByDefault property to False?

I’m looking forward many replies. :wink:

Thanks in advance.

Hi

I have exactly the same problem (IS 6.5, SP3), it´s included in the following thread: http://www.wmusers.com/forum/showthread.php?t=14512

I´ve reproduced it by letting the IS be both the client and the server.

Basically, what I did was:
-Ceate a self sign certificate
-Define a port using https as the transport protocol, point out the self signed certificate here
-invoke a service (on the IS) using SSL and see if the IS trusts the server certificate).


I had the following settings:
watt.security.ssl.client.ignoreEmptyAuthoritiesList=true
watt.security.ssl.ignoreExpiredChains=true
watt.security.cert.wmChainVerifier.trustByDefault=true


Please let me know if you solve this issue :slight_smile:

Regards
Mikael

Just realized the following:
watt.security.cert.wmChainVerifier.trustByDefault only applies when the IS is acting as a server.