InlineSecurityGlobalConfig1

JSON Example

{
    "ca_signed_only": false,
    "crl_checking_enabled": false,
    "eku_checking_enabled": false
}

boolean

ca_signed_only

Optional

When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates. Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled.

boolean

crl_checking_enabled

Optional

Constraints: default: true

When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not.

boolean

eku_checking_enabled

Optional

Constraints: default: true

When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk. Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates.

Used By

SecurityGlobalConfig