SSL validation - Platform - BlueCat Gateway - 18.6.1

Gateway Administration Guide


When you connect to BAM over HTTPS, use these options to specify custom certificates and validation. This is especially useful for secure environments where only port 443 is open for HTTPS connectivity and port 80 is closed, disabling HTTP.

Of certificate_dir_path and certificate_path, set whichever option you are not using to None.

# Path to directory containing certificates to validate against when connecting to BAM via HTTPS.
# The directory must have been processed with the c_rehash utility supplied with OpenSSL.
# This path is relative to your mounted <dns_integrity_gateway> folder.
# Only one of certificate_dir_path or certificate_path will be used if both are set, with certificate_dir_path taking
# precedence.
certificate_dir_path = 'ps/certificates/'

# Path to certificate bundle to validate against when connecting to BAM via HTTPS.
# This path is relative to your mounted <dns_integrity_gateway> folder.
# Only one of certificate_dir_path or certificate_path will be used if both are set, with certificate_dir_path taking
# precedence.
certificate_path = None

# Whether to validate the server certificate - this will need to be False for self-signed certs
validate_server_cert = False

CAUTION:
If you are upgrading from DNS Integrity Gateway version 18.2.1 or earlier and wish to use the custom SSL certificate validation functionality, you must copy both the certificate_dir_path and certificate_path options to your config.py file. Copy the following code into your config.py file if it does not exist:
certificate_dir_path = 'ps/certificates/'
certificate_path = None

For the custom certificate validation functionality to work correctly, both options must exist. Only one option should be set at a time, and the option not being used must be set to None.
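
A pre-deployment check for the rules above, written as an added example and not BlueCat's own code. The function name check_tls_options and its mount_root parameter are hypothetical; the hash-link pattern is the <hash>.<n> naming that OpenSSL's c_rehash produces.

```python
import os
import re

# c_rehash names each link <8 hex digit subject hash>.<sequence number>
HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")

def check_tls_options(cfg, mount_root):
    """Return findings for the BAM HTTPS options held in a config.py-style dict.

    mount_root is the mounted <dns_integrity_gateway> folder; both paths are relative to it.
    """
    findings = []
    missing = [k for k in ("certificate_dir_path", "certificate_path") if k not in cfg]
    if missing:  # both options must exist, even when one is None
        findings.append("missing option(s): " + ", ".join(missing))
        return findings
    dir_path, bundle = cfg["certificate_dir_path"], cfg["certificate_path"]
    if dir_path is not None and bundle is not None:
        findings.append("both paths set: certificate_dir_path takes precedence; "
                        "set the unused option to None")
    if cfg.get("validate_server_cert") is False:
        findings.append("validate_server_cert is False: server certificate is not validated")
    if dir_path is not None:  # the directory wins when both are set
        full = os.path.join(mount_root, dir_path)
        if not os.path.isdir(full):
            findings.append("certificate_dir_path is not a directory: " + full)
        elif not any(HASH_LINK.match(name) for name in os.listdir(full)):
            findings.append("no c_rehash hash links in " + full)
    elif bundle is not None:
        full = os.path.join(mount_root, bundle)
        try:
            with open(full, "r", errors="replace") as fh:
                has_pem = "-----BEGIN CERTIFICATE-----" in fh.read()
        except OSError:
            findings.append("certificate_path cannot be read: " + full)
        else:
            if not has_pem:
                findings.append("no PEM certificate found in " + full)
    return findings

if __name__ == "__main__":
    # Constructed sample: the values shown in the config excerpt above
    sample = {"certificate_dir_path": "ps/certificates/", "certificate_path": None,
              "validate_server_cert": False}
    for finding in check_tls_options(sample, "/tmp/nonexistent-mount"):
        print(finding)
```

An empty list means the options are consistent with the rules on this page; it does not confirm that the certificates in the directory or bundle actually chain to the BAM server's certificate.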