WildFly Full 25 Model Reference

  1. home
  2. subsystem=elytron
  3. trust-manager

A trust manager definition for creating the TrustManager[] as used to create an SSLContext.

Provided capabilities(1)

Name Dynamic Other provider points
org.wildfly.security.trust-manager true

none

Attributes (11)

  • algorithm The name of the algorithm to use to create the underlying TrustManagerFactory.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • certificate-revocation-list Enables certificate revocation list checks to a trust manager.
    • Attribute Value
    Type OBJECT
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • certificate-revocation-lists Enables certificate revocation list checks to a trust manager using multiple certificate revocation lists.
    • Attribute Value
    Type LIST
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • key-store Reference to the KeyStore to use to initialise the underlying TrustManagerFactory.
    • Attribute Value
    Capability reference
    Type STRING
    Nillable false
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • maximum-cert-path The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
    • Attribute Value
    Type INT
    Nillable true
    Expressions Allowed true
    Min 1
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • ocsp Enables online certificate status protocol checks to a trust manager.
    • Attribute Value
    Type OBJECT
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • only-leaf-cert Whether only leaf certificate should be checked for revocation status.
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • provider-name The name of the provider to use to create the underlying TrustManagerFactory.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • providers Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.
    • Attribute Value
    Capability reference
    Type STRING
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • soft-fail Whether a certificate with unknown OCSP response should be accepted.
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services

Operations (4)

  • add Add the new trust manager definition.
    Request Parameter Type Required Expressions Allowed Default value Description
    algorithm STRING false true The name of the algorithm to use to create the underlying TrustManagerFactory.
    alias-filter STRING false true A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
    certificate-revocation-list OBJECT false false Enables certificate revocation list checks to a trust manager.
    certificate-revocation-lists LIST false false Enables certificate revocation list checks to a trust manager using multiple certificate revocation lists.
    key-store STRING true false Reference to the KeyStore to use to initialise the underlying TrustManagerFactory.
    maximum-cert-path INT false true The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
    ocsp OBJECT false false Enables online certificate status protocol checks to a trust manager.
    only-leaf-cert BOOLEAN false false false Whether only leaf certificate should be checked for revocation status.
    provider-name STRING false true The name of the provider to use to create the underlying TrustManagerFactory.
    providers STRING false false Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.
    soft-fail BOOLEAN false false false Whether a certificate with unknown OCSP response should be accepted.
  • init Reinitialize trust manager.
  • reload-certificate-revocation-list Notify the trust manager in order to reload the certificate revocation list, if defined.
  • remove Remove the trust manager definition.