ServiceSSLKeyStore

Specifies the pathname of the keystore file containing the server public key certificate and the private key. When this pathname is not specified, only the anonymous cipher suites are published by the service; this means no server certificate support. When a ServiceSSLKeyStore is defined, the supported cipher suites in the service are limited to those cipher suites that work with server certificates.

Note: The ServiceSSLKeyStorePasswordFile service attribute must also be defined and contain the password of the keystore file (see ServiceSSLKeyStorePasswordFile).

When a keystore is defined, extra cipher suites, that is, supporting server certificates based on the type of private key, are supported by default.

Table 32. Cipher suites
ServiceSSLKeyStore	Default Cipher Suite
None specified	TLS_DH_anon_WITH_AES_128_CBC_SHA
Defined with an RSA private key type	TLS_DH_anon_WITH_AES_128_CBC_SHA¹ TLS_RSA_WITH_AES_128_CBC_SHA² TLS_DHE_RSA_WITH_AES_128_CBC_SHA2
Defined with a DSA private key type	TLS_DH_anon_WITH_AES_128_CBC_SHA1 TLS_DHE_DSS_WITH_AES_128_CBC_SHA2

¹ To support monitoring and event tracing, the OpenAccess SDK Administrator clients must be able to access the SSL-enabled services. Because these clients do not support server certificates, the anonymous cipher suites must be supported by each service.

² Support for SSL in the .NET Framework requires the use of server certificates.

ServiceSSLKeyStore

Default

Type