dnuser

CFTSSL

dnuser='(string1, string2)'

Transfer CFT syntax

The new syntax is listed here. For continued compatibility, you can still use the 2.4.x syntax.

  •   dnuser=’ (“string1“ Op “string2“)’
    where the remote certificate DN must contain string1 Op string2, and Op is a OR/OU binary operator or AND/ET binary operator
  •  dnuser=’ ( “string1“ Op ! “string2“)’ 

Where the remote certificate DN must contain string1 Op NOT(string2), and Op is a  OR/OU binary operator or AND/ET binary operator.

CFT 2.4 and earlier syntax

Enter strings that are limited to 512 bytes each. A check is performed as follows:

  • dnuser='C=FR/O= Axway/ OU=MFT Demonstration', means the remote certificate DN must contain this string.
  • dnuser='C=UK,O=Axway' means that the remote certificate must contain 'C=UK' string OR 'O=Axway' string.

Additionally you can configure Transfer CFT to accept or reject SSL connections based on logical operators used within the DN of the certificate:

  • dnuser='(“string1“ Op “string2“)' means the remote certificate DN must contain string1 Op string2 where Op is the OR or AND binary operator
  • dnuser='( “string1“ Op ! “string2“)' means the remote certificate DN must contain string1 Op NOT(string2) where Op is the OR or AND binary operator

Note that the different attributes of the dnuser or dnissuer string are separated by the '/' character.

Return to Command index

Related Links