OpenSSL Certificate Verification Depth

(OpenSSL only) Specifies how deeply the agent verifies AM’s server certificate before deciding the certificate is not valid.

The depth is the maximum number of CA certificates that are followed while verifying the server certificate. If the certificate chain is longer than allowed, the certificates above the limit are ignored.

The property accepts the following values:

  • 0: Only self-signed certificates are accepted.

  • 1: Client certificates can be self-signed or must be signed by a CA which is directly known to the agent container.

  • 2 or more: A chain of the specified number of certificates, including the previous ones. For example, the value 5 allows certificates from level 0 to level 5.

This property is relevant only when server certificate validation is enabled (Server Certificate Trust is false).

Default: 9
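
An added example (not ForgeRock's code): a Python check of an agent bootstrap configuration against the rules above. It assumes `key = value` lines with `#` comments, that a repeated key takes its last value, and that the caller supplies the number of CA certificates in AM's chain; `read_depth` and `audit` are hypothetical names.

```python
import re

PROP = "org.forgerock.agents.config.cert.verify.depth"
DEFAULT_DEPTH = 9  # default stated on this page

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """\
# agent bootstrap settings (constructed)
org.forgerock.agents.config.cert.verify.depth = 1
"""

def read_depth(conf_text):
    """Return (depth, problem); problem is None when the value is usable.
    Assumed format: 'key = value' lines, '#' comments, last occurrence wins."""
    raw = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP:
            raw = value.strip()
    if raw is None:
        return DEFAULT_DEPTH, None  # property absent: the default applies
    if not re.fullmatch(r"[0-9]+", raw):
        return None, f"{PROP} must be a non-negative integer, got {raw!r}"
    return int(raw), None

def audit(conf_text, ca_certs_in_chain):
    """Compare the configured depth with the CA count of AM's chain."""
    depth, problem = read_depth(conf_text)
    if problem:
        return ["ERROR: " + problem]
    findings = [f"effective depth: {depth}"]
    if depth == 0:
        findings.append("WARN: depth 0 accepts only self-signed certificates")
    if ca_certs_in_chain > depth:
        findings.append(
            f"OVER: chain has {ca_certs_in_chain} CA certificates; "
            f"those above depth {depth} are ignored")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, ca_certs_in_chain=2):
        print(finding)
```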

Property name: org.forgerock.agents.config.cert.verify.depth

Property aliases: org.forgerock.agents.config.cert.verify.depth (since 4.x)

Type: Integer

Bootstrap property: Yes

Required property: No

Restart required: No