|
Always configure a secure HTTP server. Otherwise, the EMS and LSR log warning messages when SSL, authentication, or certificate validation is disabled or if self-signed certificates are allowed.
|
EMS Version
|
OpenSSL Version
|
FIPS Supported?
|
---|---|---|
5.4.5
|
OpenSSL 1.0.2q
|
No. This version and later versions of OpenSSL do not support FIPS. The distibution still contains the axTLS library, but for best security, it strongly recommended to use OpenSSL..
|
5.4.6
|
OpenSSL 1.0.2r
|
No. The axTLS library is no longer provided in the distribution bundle. Only OpenSSL libraries are provided in the distribution bundle.
|
5.4.7, 5.4.8, 5.4.9
|
OpenSSL v.1.1.1c
|
No.
|
5.4.10
|
OpenSSL 1.1.1j
|
No
|
|
Starting with v.5.4.8, the EMS provides a property called http_client_ca_certs that allows the use of a separate Certificate Authority (CA) certificate file that will only be used for Edge-to-Edge HTTPS connections. If this option is not used, the default CA certificate list that is used to validate the platform connection is used. This property is in the certificates group in the EMS configuration file. For more information, refer to Configuring the EMS to Use a Different Certificate Chain for Edge to Edge
Communications (Optional).
|