Update Legacy Client Trust Mode Window


Use this window to update the client certificate trust mode that specifies how ExtremeCloud IQ Site Engine legacy java application clients handle the server certificates they receive. This option is only applicable if you use legacy java applications. Access this window from the Administration > Certificates tab.

ExtremeCloud IQ Site Engine use server certificates to provide secure communication between the ExtremeCloud IQ Site Engine server and legacy java application clients. When a server certificate is replaced, ExtremeCloud IQ Site Engine clients must be configured to trust the new certificate. A trust mode is used to determine how all clients handle updated certificates. You can set the client trust mode to one of the following options:

The user is prompted to accept or reject any untrusted server certificate.
If a client encounters a new certificate that is does not trust, the user is prompted to either accept or reject the new certificate. If the server certificate is replaced and the user expects to see the new certificate, then they can accept the certificate if it is correct. If the server certificate is not replaced and the client inadvertently connected to a server that is not trusted, then the user can reject the certificate.

If this option is selected, the Administration > Certificates tab displays the Trust Mode status (for example, CALLBACK) and its definition in the details field to the right of the Update button.
All server certificates are accepted.
All server certificates are accepted without a trust check. Use this option if there is no possibility for an untrusted client to connect to a server and the user does not need to be prompted to accept or reject a new certificate.

If this option is selected, the Administration > Certificates tab displays the Trust Mode status (for example, TRUSTALL) and its definition in the details field to the right of the Update button.
Any untrusted server certificate is rejected.
If a client encounters a new certificate that is does not trust, the certificate is rejected and the client connection fails. While this option is the most secure, if the server certificate is replaced, the new certificate is rejected. If you are replacing a server certificate, do not use this trust mode until all clients indicate they trust the new certificate.

If this option is selected, the Administration > Certificates tab displays the Trust Mode status (for example, NORMAL) and its definition in the details field to the right of the Update button.

 

For more information on how to use trust modes, see Advanced Security Options in the Secure Communication Help topic.


For information on related help topics: