The bfclient.conf file contains settings used to enable secure communications (SSL) and password encryption. It contains the following sections:

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_services_hostname | Specified during installation | n/a | Yes | Hostname where the Build Forge services layer is located |
bf_services_tcp_port | Specified during installation | n/a | Yes | TCP port for connecting to Build Forge services. It is used when SSL is not specified. |
bf_services_ssl_port | Specified during installation | n/a | Yes | SSL port for connecting to Build Forge services securely |
bf_services_preferred_protocol | tcp | ssl, tcp | Yes | For Perl or PHP clients, specifies SSL or TCP for making connections. For Java clients, the SecureAPIClientConnection object specifies SSL and APIClientConnection specifies TCP. |

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_login_user | None | UserID in Build Forge users list | No | Used as the login ID. The login ID can also be specified within a client program. |
bf_login_password | None | Password for bf_login_user | Yes, if bf_login_user is used | Password for bf_login_user |
bf_login_realm | None | LDAP domain name | No | LDAP domain to query if the user is not already in the User table. |

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_ssl_usage | None | jsse, openssl | Yes | Selects the SSL implementation. Depending on the selection, different properties are available. |
bf_ssl_cipher_group | ALL | ALL, HIGH, MEDIUM, LOW | No | Specifies the group of ciphers to be provided during the SSL handshake. HIGH is the most secure, LOW gives the best performance, ALL is the most interoperable. |
bf_ssl_cipher_override | None | Cipher suites that you provide | No | Overrides bf_ssl_cipher_group. Can be used to choose a smaller set of ciphers to use during the SSL handshake. |
bf_ssl_protocol | TLSv1 | TLSv1, SSLv3. Can vary with implementation. | No | Handshake protocol used by SSL. TLSv1 is the preferred protocol. |
bf_ssl_cert_alias | None | Valid certificate alias in the configured keystore | No | Specifies the certificate to use. This is possible when multiple certificates are in the same keystore. |

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_ssl_key_ref | openssl_key | Any valid PEM keystore reference which contains a private key | No | Reference to a keystore configuration that contains a private key for the client to use when connecting to a server. When used, you must also specify a valid certificate for this private key in bf_ssl_cert_ref. Used only when the server is set up to request personal certificates. |
bf_ssl_cert_ref | openssl_cert | Any valid PEM keystore reference that contains a certificate for the specified private key | No | Reference to a keystore configuration that contains a certificate for the private key above. Used only when the server is set up to request personal certificates. |
bf_ssl_ca_ref | openssl_ca | Any valid PEM keystore reference that contains one or more certificates used to validate the server certificates which this client is connecting to | Yes | Reference to a keystore configuration that contains one or more signer certificates used to validate server certificates during an SSL handshake. The certificates can be CA root, intermediate, or self-signed. |

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_ssl_keystore_ref | jsse_keystore | Any valid PKCS12, JKS, or JCEKS keystore reference that contains a keyEntry (private key and certificate) | No | Reference to a keystore configuration that contains a personal certificate (private key and associated certificate) for the client to use when connecting to a server. This is necessary only when the server requests a personal certificate for client authentication. |
bf_ssl_truststore_ref | jsse_truststore | Any valid PKCS12, JKS, or JCEKS keystore reference that contains a keyEntry (private key and certificate) | Yes | Reference to a keystore configuration that contains signer certificates used to validate server certificates during an SSL handshake. The keystore contains one or more trustedCertEntries, which are certificates used to validate other certificate signatures. |

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_keystore_alias | Various | String | Yes | This is the name an SSL configuration uses to refer to the keystore configuration. |
bf_keystore_location | Various | Relative or fully qualified path to a keystore of the type specified | Yes | This is the path and location to the keystore of the type specified. The path can be a relative path, but it must be correct with respect to the starting directory. |
bf_keystore_type | PEM for openssl, PKCS12 for jsse | PEM for openssl. PKCS12, JCEKS, or JKS for “jsse” | Yes | The type of the keystore. Must match the actual keystore type referenced by the bf_keystore_location property. |
bf_keystore_password | Specified during installation | A string supported by the keystore type. Some keystores do not support non-ASCII strings. | No | The password for accessing the keystore. For OpenSSL, the password is usually not required for Cert and CA keystores containing just public keys. |

Attribute name | Default | Possible Values | Required | Description |
---|---|---|---|---|
bf_pw_crypt_enabled | false | true, false | No | Specifies whether passwords are encoded (false) or encrypted (true). When enabled, the password encryption implementation uses a file called bfpwcrypt.conf located in the same directory as bfclient.conf. |
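
The defaults in these tables (tcp, ALL, password encoding only) are the weakest of the listed values, so a file that omits those attributes is still exposed. The following check is an added example, not product code: it applies the documented defaults and reports weak effective settings. The `name value` / `name=value` line syntax, the function names and the sample values are assumptions, since this page does not show the file's syntax.

```python
import re

# Defaults as listed in the attribute tables on this page.
DEFAULTS = {
    "bf_services_preferred_protocol": "tcp",
    "bf_ssl_cipher_group": "ALL",
    "bf_ssl_protocol": "TLSv1",
    "bf_pw_crypt_enabled": "false",
}

def parse_settings(text):
    """Assumed syntax: 'name value' or 'name=value'; other lines are ignored."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(bf_\w+)(?:\s*=\s*|\s+)(\S.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(text):
    """Return (attribute, reason) pairs for weak effective settings."""
    cfg = {**DEFAULTS, **parse_settings(text)}
    findings = []
    if cfg["bf_services_preferred_protocol"].lower() != "ssl":
        findings.append(("bf_services_preferred_protocol", "Perl/PHP clients connect over plain TCP"))
    # bf_ssl_cipher_override replaces the group, so the group is only judged without it.
    if "bf_ssl_cipher_override" not in cfg and cfg["bf_ssl_cipher_group"].upper() != "HIGH":
        findings.append(("bf_ssl_cipher_group", "group other than HIGH is offered in the handshake"))
    if cfg["bf_ssl_protocol"].lower() == "sslv3":
        findings.append(("bf_ssl_protocol", "SSLv3 selected instead of the preferred TLSv1"))
    if "bf_login_password" in cfg and cfg["bf_pw_crypt_enabled"].lower() != "true":
        findings.append(("bf_login_password", "stored password is only encoded, not encrypted"))
    return findings

# Constructed sample values, not taken from a real installation.
WEAK = """\
bf_services_hostname buildforge.example.test
bf_services_ssl_port 49150
bf_login_user build_api
bf_login_password c2FtcGxl
bf_ssl_usage openssl
bf_ssl_protocol SSLv3
"""
HARDENED = WEAK.replace("SSLv3", "TLSv1") + """\
bf_services_preferred_protocol ssl
bf_ssl_cipher_group HIGH
bf_pw_crypt_enabled true
"""
```

Calling `audit()` on the text of a bfclient.conf returns an empty list when none of the four checks fire; a configured bf_ssl_cipher_override is not evaluated and needs manual review.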