HTTPS Certificate Configuration
<Server install root>\McAfee\McAfee Database Security\conf. For example: C:\Program Files\McAfee\McAfee Database Security\conf.
Modify the SSL Connector element by changing the value of the attribute clientAuth from "false" to "true".
Add to the SSL Connector element the attribute truststoreFile, set to the path of the keystore containing the trusted CA certificates used to validate client certificates. This file may be the same one used for the keystore attribute. See the sections “Generate a Keystore” and “Import a signed certificate” for how to create a keystore and import trusted certificates.
Sample configuration change
The following is a sample configuration change of the Connector element in server.xml:
<Connector port="8443" server="McAfee WebServer" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
    disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
    clientAuth="true"
    truststoreFile="C:\Program Files (x86)\McAfee\McAfee Database Security\httpsKeystore\.keystore"
    sslProtocol="TLS"
    keystore="C:\Program Files (x86)\McAfee\McAfee Database Security\httpsKeystore\.keystore" />
Specify Cipher Suites to use for HTTPS (Optional)
You can specify the cipher suites that are used for HTTPS communication, thereby disabling cipher suites that do not match company policy.
The cipher suites are specified in the configuration file server.xml, located in the DAM conf directory:
<Server install root>\McAfee\McAfee Database Security\conf. For example: C:\Program Files\McAfee\McAfee Database Security\conf.
Open the server.xml file for editing and modify the SSL Connector element by adding the attribute ciphers, whose value is a comma-separated list of supported ciphers.
After the configuration change, you need to restart the DAM Server for the change to take effect.
Sample configuration change
The following is a sample configuration change of the Connector element in server.xml:
<Connector port="8443" server="McAfee WebServer" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
    disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystore="C:\Program Files (x86)\McAfee\McAfee Database Security\httpsKeystore\.keystore"
    ciphers="SSL_RSA_WITH_RC4_128_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
        SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />
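An added example, not part of the McAfee guide: a small Python audit that reads server.xml text, reports every suite in the ciphers attribute that a typical policy would reject, and checks that clientAuth="true" is paired with truststoreFile. The marker list is an assumed policy, and the wrapper elements around the page's sample Connector are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed policy (adjust to your own): reject RC4 (prohibited in TLS by RFC 7465),
# 3DES (64-bit block, Sweet32), single DES, NULL, EXPORT, anonymous and MD5 suites.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT_", "_anon_", "_MD5")

# Constructed sample: the page's cipher-suite Connector (tuning attributes omitted)
# inside a minimal wrapper element.
SAMPLE = r"""<Server><Service name="sample">
<Connector port="8443" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
 keystore="C:\Program Files (x86)\McAfee\McAfee Database Security\httpsKeystore\.keystore"
 ciphers="SSL_RSA_WITH_RC4_128_SHA,
 TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
 SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />
</Service></Server>"""


def audit_connectors(xml_text):
    """Return (port, finding) tuples for each HTTPS Connector in a server.xml text."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings.append((port, "no ciphers attribute: suite choice left to defaults"))
        else:
            # Comma-separated list; the XML parser turns line breaks in the value into spaces.
            for suite in filter(None, (s.strip() for s in ciphers.split(","))):
                if any(marker in suite for marker in WEAK_MARKERS):
                    findings.append((port, f"weak suite enabled: {suite}"))
        # The procedure above pairs clientAuth="true" with an explicit truststoreFile.
        if conn.get("clientAuth") == "true" and not conn.get("truststoreFile"):
            findings.append((port, "clientAuth is true but truststoreFile is not set"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"port {port}: {finding}")
```

Run against the sample list above, it reports the RC4 suite and the three 3DES suites; trimming the ciphers value to the AES entries clears the findings.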
Supported ciphers
List of supported ciphers (more info available at: http://download.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider):