verification.properties
In the file "verification.properties" you can define for each partner how certificates should be checked if you want to deviate from the default setting.
The file is stored in the Ieffect installation folder in the OFTP2 directory. If the file does not exist or a setting is not specified, the corresponding default value is used. Lines beginning with # are ignored and can be used as comment lines.
The following values are available:
- self - Allows self-signed certificates
- date - The validity date is checked
- chain - It must be possible to build a certificate chain with the keystore or truststore. Each certificate is checked against its validity date and CRLs.
- crl - All CRLs in the certificate are checked
- tsl - The Odette OFTP2 TSL is used to check the issuer of the certificate
Special value to disable all checks: none
Note 1: The default behavior is always used for the SSL certificate, since the partner cannot be determined at this point of the connection.
Note 2: If a CRL cannot be reached, the cached version is used. If no version has been saved yet, the certificate is considered valid.
Example of strict Odette OFTP2 check:
ALIAS=date,chain,crl,tsl
Example for verifying the certificate without internet access. Self-signed certificates are additionally allowed so that the setup can be tested:
ALIAS=self,date,chain
Special partner alias to overwrite the default setting:
OFTP2_MODULE=self,date,chain
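To review an existing file, the following added example (not part of the product) parses verification.properties content and lists every entry that is weaker than the strict Odette OFTP2 check shown above. The partner aliases in the sample are constructed, and trimming of spaces around names and values is an assumption about the file format.

```python
# Added audit helper, not vendor code. Assumes ALIAS=value,value lines as shown above.
KNOWN = {"self", "date", "chain", "crl", "tsl", "none"}
STRICT = {"date", "chain", "crl", "tsl"}   # the strict Odette OFTP2 example
DEFAULT_ALIAS = "OFTP2_MODULE"             # special alias that overwrites the default

def parse(text):
    """Return {alias: set(checks)}; '#' lines and blank lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        alias, _, value = line.partition("=")
        entries[alias.strip()] = {v.strip() for v in value.split(",") if v.strip()}
    return entries

def audit(text):
    """Return {alias: [findings]} for every entry weaker than the strict example."""
    report = {}
    for alias, checks in parse(text).items():
        findings = ["unknown value: " + v for v in sorted(checks - KNOWN)]
        if "none" in checks:
            findings.append("all checks disabled")
        else:
            if "self" in checks:
                findings.append("self-signed certificates allowed")
            missing = STRICT - checks
            if missing:
                findings.append("not checked: " + ", ".join(sorted(missing)))
        if findings and alias == DEFAULT_ALIAS:
            findings.append("overrides the default setting")
        if findings:
            report[alias] = findings
    return report

# Constructed sample file; the partner aliases are made up.
SAMPLE = """\
# per-partner certificate checks
PARTNER_A=date,chain,crl,tsl
PARTNER_B=self,date,chain
PARTNER_C=none
OFTP2_MODULE=self,date,chain
"""

if __name__ == "__main__":
    for alias, findings in audit(SAMPLE).items():
        print(alias + ": " + "; ".join(findings))
```

Partners without a line of their own are not listed, because they use the default setting.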