| Field | Description |
| --- | --- |
| TCP Authentication |  |
| Anonymous | (Applies to all Internet sites, except IMAP and POP3)<br>Choose one:<br>- Yes -- To allow anonymous access to this site<br>- No -- To prohibit anonymous access |
| Name & password | Choose one:<br>- Yes -- To require a user to authenticate with the user's name and Internet password to access the site<br>- No -- To not require name and password authentication |
| Redirect TCP to TLS | (Applies to Web Site only) Choose one:<br>- Yes -- To require clients and servers to use the TLS protocol to access the Web site<br>- No -- To allow clients and servers to use TLS or TCP/IP to access the Web site |
| TLS Authentication |  |
| Anonymous | (Applies to all Internet sites, except IMAP and POP3)<br>Choose one:<br>- Yes -- To allow users access over the TLS port without authenticating with a name and password<br>- No -- To deny users anonymous access |
| Name & password | Choose one:<br>- Yes -- To require a user to authenticate with user name and Internet password in order to access this site using TLS<br>- No -- To not require a name and password |
| Client certificate | (Applies to Web Site, IMAP, POP3, and LDAP)<br>Choose one:<br>- Yes -- To require a client certificate for access to this site<br>- No -- To not require a client certificate |
| TLS Options |  |
| Key file name | Specify one of the following:<br>- If a certstore.nsf configuration is used, specify the host name of the server or any other certificate present in certstore.nsf for the server.<br>- If certstore.nsf configuration is not used, specify the kyr file. |
| Accept TLS site certificates | Choose one:<br>- Yes -- To accept the certificate and use TLS, even if the server does not have a certificate in common with the protocol server<br>- No (default) -- To prohibit the acceptance of TLS site certificates for access |
| Accept expired TLS certificates | Choose one:<br>- Yes -- To allow clients access, even if the client certificate is expired<br>- No -- To prohibit client access using expired TLS certificates |
| Check for CRLs | Choose one:<br>- Yes -- To check the certifier's Certificate Revocation List (CRL) for the user certificate you are attempting to validate. If a valid CRL is found and the user certificate is on the list, the user certificate is rejected.<br>- No -- To not use Certificate Revocation Lists |
| Trust expired CRLs | Choose one:<br>- Yes -- To use expired but otherwise valid Certificate Revocation Lists when attempting to validate user certificates<br>- No -- To reject expired Certificate Revocation Lists |
| Allow CRL search to fail | Choose one:<br>- Yes -- If the attempt to locate a valid Certificate Revocation List fails, proceed as if Check for CRLs is set to No.<br>- No -- If a valid Certificate Revocation List for the user certificate is not found, reject the certificate. If Trust expired CRLs is set to Yes, an expired CRL is valid. If Trust expired CRLs is set to No, the authentication will fail for every user certificate for which a matching valid CRL is not located. |
| TLS Security |  |
| TLS ciphers | Click Modify to change the TLS cipher settings for this site document. These settings apply only to TLS v3. TLS v2 ciphers cannot be changed. |
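
The three CRL settings in the table (Check for CRLs, Trust expired CRLs, Allow CRL search to fail) interact, so the following added example models the decision as the table describes it and lists the combinations in which a revoked client certificate is still accepted. It is an illustration, not the product's code; the function names and the three CRL lookup states are assumptions.

```python
# Added illustration: models the CRL settings as the table describes them.
# Function and state names are hypothetical, not product identifiers.
from itertools import product

ACCEPT, REJECT = "accept", "reject"
CRL_STATES = ("valid", "expired", "missing")  # what the CRL lookup found


def crl_decision(check_crls, trust_expired, allow_search_fail,
                 crl_state, cert_listed):
    """Return ACCEPT or REJECT for one client certificate.

    cert_listed: the certificate appears on the CRL that was found
    (ignored when crl_state is "missing").
    """
    if not check_crls:
        return ACCEPT  # revocation is never consulted
    # An expired CRL counts as valid only when Trust expired CRLs = Yes.
    usable = crl_state == "valid" or (crl_state == "expired" and trust_expired)
    if usable:
        return REJECT if cert_listed else ACCEPT
    # No usable CRL: Allow CRL search to fail decides.
    # Yes -> proceed as if Check for CRLs were No; No -> reject.
    return ACCEPT if allow_search_fail else REJECT


def fail_open_cases():
    """Setting/state combinations in which a revoked certificate is accepted."""
    cases = []
    for check, trust, allow in product((True, False), repeat=3):
        for state in CRL_STATES:
            if crl_decision(check, trust, allow, state, cert_listed=True) == ACCEPT:
                cases.append((check, trust, allow, state))
    return cases


if __name__ == "__main__":
    print("check  trust  allow  crl_state -> revoked cert accepted")
    for check, trust, allow, state in fail_open_cases():
        print(f"{check!s:6} {trust!s:6} {allow!s:6} {state}")
```

With Check for CRLs set to Yes, every fail-open case in the output has Allow CRL search to fail set to Yes.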