> > | APPX Desktop Client parameters available for SSL datastream encryption.
Upon initial startup of the APPX Desktop Client, just prior to logging in, there are three tabs available, Local, Remote, and Options. Select Options, and then click the Advanced button. You should now see four many options available broken up into sections, one of which is labeled [SSL]. In the SSL section are five options.
SSLMode
- Required - Non SSL connections are not allowed. Only SSL encrypted connections are permitted. If you are connecting to a 4.2.a or earlier build of APPX Connection Manager that does not support SSL encryption, or you connect to a 4.3 APPX Connection Manager that has SSL disabled, then upon connection, you will be presented with a notification that SSL is not available. This notification will enable you to continue unencrypted or to terminate the connection.
- Optional - If both parties support SSL connection, then SSL connect, else fall back to non encrypted connection. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
- Disabled - No SSL connections allowed, therefore no datastream encryption. If you are connecting to a 4.2.a or earlier build of APPX, then you might experience a brief (<=3 second) handshake upon connection.
- Pre43 - Do not perform any SSL notification to the target server. This can speed up connections to older builds of APPX Connection managers, such as appxdsvc.exe, winappxd, and appxd that did not have SSL capabilities.
- True -
- False -
- True -
- False -
SSLSelfSignedAllowed -
- True -
- False -
SSLHandshakeTimeout -
- An integer 0 through 10, with the default being 3.
APPX Connection Manager SSL parameters.
RequireSSL - Not Implemented. Do not Use.
- true
- false
- True - Connecting clients must have client side SSL certificates.
- False- This is the default option. Connecting clients do not need to have client side SSL certificates.
ServerCertificateFile - This is the server's SSL public certificate
- The pathname of server's X509 certificate (leave blank for anonymous connections). An example is ServerCertificateFile=/usr/local/appx/tools/tubes.internal.appx.com.crt
ServerPrivateKeyFile - This is the server's SSL private server key
- Pathname of server's private key file (unlocks the ServerCertificateFile). An example is ServerPrivateKeyFile=/usr/local/appx/tools/tubes.internal.appx.com.private.key
- Passphrase that unlocks ServerPrivateKeyFile
SSLMode
- Enabled #SSL connection type (optional, required, disabled)
- Disabled
- Optional
TrustedCAFile = #determines which client certificates to trust |