IBM DataPower application object
Defines the data necessary for Trust Protection Platform to provision certificates to IBM DataPower XML Security Gateway appliances.
- Class Name: DataPower
- Driver Name: appdatapower
- Inheritance: Parent class—Application Base and Parent class—Premium Driver Base
Attribute | UI | Required | Policy Definable | Default | Description |
---|---|---|---|---|---|
Application Domain | Application Domain | No | Yes | NA | The Application Domain where the certificate and private key are installed on the DataPower device. The default domain is used when no value has been assigned. |
Associate To CP | Associate To Profile | No | Yes | 1 | The setting of 1 (default) associates the SSL Proxy Profile with the Crypto Profile during provisioning to the DataPower device. This allows all virtual or backend SSL servers associated with the device to use the private key and certificate. Also requires CryptoProfile and an SSL Profile Type setting of 1, SSL Proxy Profile. |
Certificate Name | Crypto Certificate | Yes | No | NA | Required only when Use Basic Provisioning = 2. The name of the Crypto Certificate object to provision to the DataPower device. |
Certificate Only | Provision | No | Yes | 2 | The setting to control Trust Protection Platform provisioning: |
Chain Cert | NA | No | No | 1 | A value of 1 specifies that Trust Protection Platform will install the chain onto the DataPower device. |
Create CP | Crypto Profile | No | Yes | 1 | A value of 1 specifies that Trust Protection Platform should create a crypto profile on the DataPower device. |
Create IC | NA | No | No | 1 | A value of 1 specifies that Trust Protection Platform should create an identification credential from the provisioned certificate. An identification set consists of a certificate with a public key, private key, and SSL Proxy. The proxy sends the certificate to an SSL peer for negotiating an SSL/TLS connection. The certificate may also be used as the identity when signing, encrypting, or decrypting documents. |
Create VC | Validation Credential | No | No | 0 | Required when the certificate originates from a remote SSL client or server. A value of 1 specifies that Trust Protection Platform should create a validation credential from the provisioned certificate. A validation credentials list authenticates certificates from SSL peers. The list can also validate certificates that are used in digital signature and encryption operations. |
Credential | Application Credential | No | Yes | NA | The credential name that holds the Trust Protection Platform credential or certificate. |
Credential Type | Credential Type | No | Yes | NA | The type of credential is based on its purpose. 1: Identification. The DataPower Gateway is an SSL proxy. The SSL Proxy Service sends its certificate to an SSL peer when negotiating an SSL/TLS connection. The certificate may also be used as the identity when signing, encrypting, or decrypting documents. 2: Validation. For remote authentication. Either the SSL client authenticates the certificate from a remote SSL server or an SSL server authenticates remote SSL clients. A validation credential authenticates certificates from SSL peers. The certificate can also be used in digital signature and encryption operations. |
CryptoProfile | Crypto Profile Name | Yes | Yes | NA | Required if SSL Profile Type is 1 (SSL Proxy). Describes a set of configuration information for creating SSL connections. |
File Validation Disabled | Disable File Validation | No | Yes | 0 | The setting to control file validation: |
Fips Key | NA | No | No | 0 | The Federal Information Processing Standard (FIPS) encryption key. |
FTP Credential | NA | No | No | NA | The Distinguished Name of a Username Credential object that Trust Protection Platform uses when interfacing with the FTP Host. |
FTP Host | NA | No | No | NA | The FTP server that Trust Protection Platform uses to install certificates on the DataPower device. The value is the hostname, Fully Qualified Domain Name (FQDN), or IP address (IPv4 or IPv6) of the FTP server. |
FTP Path | Path | No | No | NA | The directory on the FTP host where Trust Protection Platform can write (or read) certificate files for import (or export) on the DataPower device. |
FTP Port | Port | No | No | 22 | The TCP port (1 to 65535) that Trust Protection Platform uses to interface with the FTP Host. The default ports for FTP and SFTP are 21 and 22, respectively. |
Max Filesize | NA | No | No | NA | Used internally. |
Network Validation Disabled | Disable Network Validation | No | Yes | 0 | File validation by Trust Protection Platform: |
Private Key Name | Crypto Key | No | No | NA | The name of the Crypto Key object to provision to the DataPower device. |
SSL Profile Type | Profile Type | No | Yes | NA | The way to secure the connection: |
SSL Proxy Profile | SSL Proxy | Yes | Yes | NA | Stores the SSL proxy, client, or server profile name. |
Temp Certificate Label | NA | No | No | NA | Used internally when creating unique generational file names for the certificate and private key. |
Use Basic Provisioning | Provisioning Mode | No | Yes | 1 | The way the certificate is installed on the DataPower device: |
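
Several attributes in this table are only conditionally required, which is easy to miss when objects are created in bulk. The following added example (not Trust Protection Platform code) checks a set of attribute values against the dependencies stated in the table before provisioning is attempted. The dict input shape, the function name, the sample values, and treating the documented defaults as effective when an attribute is unset are assumptions.

```python
# Added example: pre-flight check of the conditional rules stated in the table.
# Input shape (attribute name -> value) and function name are assumptions.

# Documented defaults for the attributes the rules depend on.
DEFAULTS = {"Associate To CP": "1", "Use Basic Provisioning": "1", "FTP Port": "22"}


def check_datapower_attrs(attrs):
    """Return a list of findings; an empty list means no rule was violated."""
    eff = {**DEFAULTS, **{k: str(v).strip() for k, v in attrs.items()}}
    findings = []

    def unset(name):
        return not eff.get(name)

    # Certificate Name: "Required only when Use Basic Provisioning = 2".
    if eff["Use Basic Provisioning"] == "2" and unset("Certificate Name"):
        findings.append("Certificate Name required when Use Basic Provisioning = 2")

    # CryptoProfile is required for SSL Profile Type 1 and for Associate To CP 1;
    # Associate To CP 1 additionally requires SSL Profile Type 1.
    ssl_proxy = eff.get("SSL Profile Type") == "1"
    associate = eff["Associate To CP"] == "1"
    if (ssl_proxy or associate) and unset("CryptoProfile"):
        findings.append("CryptoProfile required (SSL Profile Type 1 or Associate To CP 1)")
    if associate and not ssl_proxy:
        findings.append("Associate To CP = 1 requires SSL Profile Type = 1")

    # Credential Type, when set, is 1 (Identification) or 2 (Validation).
    if not unset("Credential Type") and eff["Credential Type"] not in ("1", "2"):
        findings.append("Credential Type must be 1 or 2")

    # FTP Port: TCP port 1 to 65535.
    port = eff["FTP Port"]
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("FTP Port must be a TCP port from 1 to 65535")
    return findings


# Constructed sample inputs (object names are placeholders, not from the page).
SAMPLE_OK = {"Use Basic Provisioning": "2", "Certificate Name": "example-cert",
             "SSL Profile Type": "1", "CryptoProfile": "example-crypto-profile",
             "SSL Proxy Profile": "example-ssl-proxy"}
SAMPLE_BAD = {"Use Basic Provisioning": "2", "FTP Port": "70000"}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_datapower_attrs(sample))
```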