These properties identify the value for SSL ApprovalCallback. If the checkSubjectAltName or resolveIPAddress feature is enabled, you must create cert7.db and key3.db with the prefix value of com.iplanet.am.admin.cli.certdb.prefix in the com.iplanet.am.admin.cli.certdb.dir directory. Then restart Access Manager.
com.iplanet.am.jssproxy.checkSubjectAltName
Default value is false. When this property is enabled and a server certificate includes the Subject Alternative Name (SubjectAltName) extension, Access Manager checks all name entries in the extension. If one of the names in the SubjectAltName extension is the same as the server FQDN, Access Manager continues the SSL handshaking. To enable this property, set it to a comma-separated list of trusted FQDNs. For example: com.iplanet.am.jssproxy.checkSubjectAltName=amserv1.example.com,amserv2.example.com
com.iplanet.am.jssproxy.resolveIPAddress
Default value is false.
com.iplanet.am.jssproxy.trustAllServerCerts
Default value is false. If enabled (true), Access Manager ignores all certificate-related issues such as a name conflict and continues the SSL handshaking. To prevent a possible security risk, enable this property only for testing purposes, or when the enterprise network is tightly controlled. Avoid enabling this property if a security risk might occur (for example, if a server connects to a server in a different network).
com.iplanet.am.jssproxy.SSLTrustHostList
If set, Access Manager checks each server FQDN in the list against the server host in the certificate CN. If an FQDN in the list matches the server certificate CN, Access Manager continues the SSL handshaking even if there is an "Incorrect Domain name error". Use the following syntax to set the property:
com.iplanet.am.jssproxy.SSLTrustHostList = fqdn_am_server1,fqdn_am_server2,fqdn_am_server3
com.sun.identity.jss.donotInstallAtHighestPriority
Default value is false. Determines if JSS will be added with highest priority to JCE. Set to true if other JCE providers should be used for digital signatures and encryption.
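A configuration review can check the com.iplanet.am.jssproxy settings described above before Access Manager is restarted. The following Python sketch is an added example, not part of Access Manager: the function names, the severity labels, the sample file contents and paths are constructed, and it assumes the certdb prefix is prepended directly to the cert7.db and key3.db file names.

```python
import posixpath
PROXY = "com.iplanet.am.jssproxy."
CERTDB = "com.iplanet.am.admin.cli.certdb."

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# AMConfig.properties excerpt (constructed)
com.iplanet.am.admin.cli.certdb.dir=/opt/am/certdb
com.iplanet.am.admin.cli.certdb.prefix=am-
com.iplanet.am.jssproxy.trustAllServerCerts=true
com.iplanet.am.jssproxy.checkSubjectAltName=amserv1.example.com,amserv2.example.com
com.iplanet.am.jssproxy.SSLTrustHostList = amserv1.example.com ,amserv3.example.com
"""

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def enabled(value):
    # Assumption: any value other than empty or "false" enables the check.
    return value.strip().lower() not in ("", "false")

def audit(text):
    """Return (severity, property, detail) findings; severities are this example's own."""
    p = parse_properties(text)
    findings = []
    if p.get(PROXY + "trustAllServerCerts", "false").lower() == "true":
        findings.append(("HIGH", "trustAllServerCerts", "all certificate problems are ignored"))
    hosts = [h.strip() for h in p.get(PROXY + "SSLTrustHostList", "").split(",") if h.strip()]
    if hosts:
        findings.append(("MEDIUM", "SSLTrustHostList",
                         "domain-name errors accepted for: " + ", ".join(hosts)))
    if any(enabled(p.get(PROXY + n, "false")) for n in ("checkSubjectAltName", "resolveIPAddress")):
        d, pre = p.get(CERTDB + "dir"), p.get(CERTDB + "prefix", "")
        detail = ("certdb.dir is not set" if not d else "expects " + ", ".join(
            posixpath.join(d, pre + f) for f in ("cert7.db", "key3.db")))
        findings.append(("INFO", "certdb", detail))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```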