ssl-verify-peer-mode

Level of client verification required by the server instance

Syntax

--ssl-verify-peer-mode mode

Description

ssl-verify-peer-mode specifies whether the server requires clients to present a valid certificate to connect to it. Server instances allow clients to connect to it with or without providing a valid certificate. All requests will still require authorization.

If you set ssl-verify-peer-mode to verify-peer-require-peer-cert, you must set either the x509-ca-file-store or x509-use-system-store property.

Parameters

mode

Mode used to authenticate clients. Valid values are:

  • no-verify-peer — No peer certificate verification. The client side does not need to provide a certificate.

  • verify-peer-require-peer-cert — The client must provide a certificate and the certificate will be verified.

The default is no-verify-peer.

Examples

Require clients to provide a certificate.

--ssl-verify-peer-mode verify-peer-require-peer-cert