Modifying the CADP for C Basic Configuration File
This section lists and defines each of the parameters within the CADP for C basic configuration file named cadp_for_c_basic.conf. The configuration file defines the IP address or hostname, port, protocol, and other settings of the CipherTrust Manager to which your client connects.
The configurations defined in the cadp_for_c_basic.conf file are used for silent installation. After the installation, the configurations defined in this configuration file are reflected in the CADP_PKCS11.properties and CADP_CAPI.properties files.
Modifying the Parameters in the Configuration File
The contents of the cadp_for_c_basic.conf file, including the default settings, are the following:
SERVER_IP=
SERVER_PORT=
SERVER_PROTOCOL=ssl
LOG_LEVEL=WARN
NAE_USER=
NAE_PASSWORD=
PASSPHRASE=
COUNTRY=US
STATE=California
CITY="San Jose"
ORG=Thales
ORG_UNIT=DIS
COMMON_NAME=
EMAIL=
BACKWARD_COMPATIBILITY_VAE=
If you plan to use the SSL protocol for communication between the client and the CipherTrust Manager, then configure all of the parameters within the configuration file. If you plan to use the TCP protocol, then provide values only for the following parameters:
- SERVER_IP
- SERVER_PORT
- SERVER_PROTOCOL
- LOG_LEVEL
- BACKWARD_COMPATIBILITY_VAE
SERVER_IP
The SERVER_IP parameter sets the IP address or hostname of the CipherTrust Manager. You can configure both the IPv4 as well as IPv6 addresses. Specify the IPv6 address within curly braces ({.....}). For example, {fe80:0:0:0:200:f8ff:fe21:67cf}. Specify the IPv4 address directly.
Use multiple IP addresses/hostnames separated by colons (:) when load balancing is used. For example, 192.168.1.100:192.168.1.101:192.168.1.102 for IPv4 and {fe80:0:0:0:200:f8ff:fe21:67cf}:{fe80:234f:0:0:200:f8ff:fe21:832d} for IPv6. A combination of IPv4 and IPv6 addresses can also be used. For example, 192.168.1.10:{fe80:0:0:0:200:f8ff:fe21:67cf}.
If you are using a load balancer in front of your CipherTrust Manager cluster, then use the IP address of the load balancer.
SERVER_PORT
The SERVER_PORT parameter specifies the port on which the client communicates with CipherTrust Manager. Your client must use the same port as the CipherTrust Manager.
SERVER_PROTOCOL
The SERVER_PROTOCOL parameter specifies the protocol used for communication between the client and server.
Possible settings:
- ssl - The ssl option enables TLSv1.2. This is the default setting.
- tcp - The tcp option.
LOG_LEVEL
The Log_Level parameter determines the level of logging performed by the client.
Possible settings:
- NONE – Disables client logging. It is recommended not to disable logging.
- ERROR – Only error messages are logged. For example, to log only error messages, set Log_Level=ERROR.
- WARN – The client logs error messages and warnings. This is the default setting.
- INFO – The client logs error messages, warnings, and informational messages. This level generates a very large number of entries and is usually reserved for debugging. For example, to log error messages, warnings, and informational messages, set Log_Level=INFO.
NAE_USER
The NAE_USER parameter refers to the username associated with the user account to use to log into the CipherTrust Manager. For example, nae_user.
NAE_PASSWORD
The NAE_PASSWORD parameter refers to the password (associated with the username defined in NAE_USER) to use to log into the CipherTrust Manager.
The following sections describe the parameters that are associated with the use of the server protocol of SSL. If you selected SSL, then the following parameters are required.
PASSPHRASE
The PASSPHRASE parameter refers to the passphrase associated with the client's private key.
COUNTRY
The COUNTRY parameter refers to the name of the country where your company or organization is legally incorporated.
STATE
The STATE parameter refers to the name of state or province where your company or organization is legally incorporated. Do not use an abbreviation.
CITY
The CITY parameter refers to the name of the city where your company or organization is legally incorporated. Do not use an abbreviation.
ORG
The ORG parameter refers to the full legal name of your company or organization. Do not use an abbreviation. For example, thales.
ORG_UNIT
The ORG_UNIT parameter refers to the name of your business unit or department within your company or organization. For example, Marketing or Engineering.
COMMON_NAME
The COMMON_NAME parameter refers to the FQDN (fully-qualified domain name) you want to secure with the certificate. For example, www.thalesgroup.com.
EMAIL
The EMAIL parameter refers to the email address associated with the company. For example, support.internet@thalesgroup.com.
BACKWARD_COMPATIBILITY_VAE
This parameter is applicable to the CADP_PKCS11.properties file.
The BACKWARD_COMPATIBILITY_VAE parameter refers to whether to maintain backward compatibility with VAE, known as binary compatibility mode. This is applicable only if you have previously installed VAE on the machine on which you have installed CADP for C.
Possible settings:
- Y - Yes. Maintain backward compatibility with VAE. With this setting, the Client_Compatibility_Mode in the CADP for C PKCS11 property file (CADP_PKCS11.properties) will be set to LegacyVAE: Client_Compatibility_Mode=LegacyVAE. The Client_Compatibility_Mode indicates the mode in which the PKCS11 library runs. In LegacyVAE mode, the CADP for C PKCS11 library will execute specific functionality associated with the legacy VAE.
- N - No. Do not maintain backward compatibility with VAE. This is the default setting. If you set this setting to N (or you do not enter a value), then the compatibility mode of CipherTrust is used: Client_Compatibility_Mode=CipherTrust. In CipherTrust mode, the CADP for C PKCS11 library will execute functionality associated with the converged CADP for C features.
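A pre-installation check of cadp_for_c_basic.conf against the rules described above, as an added example that is not part of the product or its documentation. The parsing rules (KEY=VALUE lines, optional double quotes, colon-separated SERVER_IP entries with IPv6 in curly braces) are assumptions drawn from this page's description, and the function names and sample values are hypothetical.

```python
import ipaddress
import re

TCP_KEYS = ["SERVER_IP", "SERVER_PORT", "SERVER_PROTOCOL", "LOG_LEVEL"]  # enough for tcp
SSL_KEYS = TCP_KEYS + ["NAE_USER", "NAE_PASSWORD", "PASSPHRASE", "COUNTRY", "STATE",
                       "CITY", "ORG", "ORG_UNIT", "COMMON_NAME", "EMAIL"]
ENTRY = re.compile(r"\{([^{}]+)\}|([A-Za-z0-9.-]+)")  # {IPv6} or IPv4/hostname
# Constructed sample: IPv6 address without curly braces, logging disabled, tcp protocol.
SAMPLE = "SERVER_IP=fe80:0:0:0:200:f8ff:fe21:67cf\nSERVER_PORT=9000\nSERVER_PROTOCOL=tcp\nLOG_LEVEL=NONE\n"

def parse_conf(text):
    """Parse KEY=VALUE lines, dropping optional double quotes (CITY="San Jose")."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip().strip('"') for key, value in pairs}

def split_hosts(server_ip):
    """Split the colon-separated SERVER_IP list, keeping braced IPv6 entries whole."""
    hosts, pos = [], 0
    while pos < len(server_ip):
        m = ENTRY.match(server_ip, pos)
        if not m or server_ip[m.end():m.end() + 1] not in ("", ":"):
            raise ValueError(f"cannot parse entry at offset {pos}")
        v6, other = m.groups()
        if v6:
            ipaddress.IPv6Address(v6)     # raises ValueError if malformed
        elif re.fullmatch(r"[0-9.]+", other):
            ipaddress.IPv4Address(other)  # all-numeric entries must be valid IPv4
        hosts.append(m.group())
        pos = m.end() + 1                 # step over the ':' separator
    return hosts

def validate(text):
    """Return findings for a cadp_for_c_basic.conf body; an empty list means none."""
    conf, findings = parse_conf(text), []
    proto = conf.get("SERVER_PROTOCOL", "")
    if proto not in ("ssl", "tcp"):
        findings.append("SERVER_PROTOCOL must be ssl or tcp")
    required = SSL_KEYS if proto == "ssl" else TCP_KEYS
    findings += [f"{key} is empty" for key in required if not conf.get(key)]
    try:
        split_hosts(conf.get("SERVER_IP", ""))
    except ValueError as err:
        findings.append(f"SERVER_IP: {err}")
    if conf.get("LOG_LEVEL") == "NONE":
        findings.append("LOG_LEVEL=NONE disables client logging")
    if proto == "tcp":
        findings.append("SERVER_PROTOCOL=tcp: only ssl enables TLSv1.2")
    return findings

print(validate(SAMPLE))
```

The sample shows why the curly braces matter: without them, the colons inside an IPv6 address are indistinguishable from the separators between load-balanced hosts.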