set_certificate_host_validation

Use this API to control whether the central manager verifies that the SSL certificates of all of its managed units contain a valid host name.

When enabled, the central manager verifies that the SSL certificates contain a valid host name for all of the managed units. The default setting is 0 (false).

To ensure that all managed units have a valid SSL certificate for the GUI, create a CSR and obtain a valid SSL certificate. Valid SSL certificates can also be obtained by using the create self-signed gui CLI command.

For more information about create self-signed gui, see Certificate CLI Commands.

Note: If set_certificate_host_validation is enabled on a central manager when a managed unit has an invalid SSL certificate, the communication between the central manager and managed unit fails.

This API is available in Guardium V10.6 and later.
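
A pre-flight check for the failure described in the note above, as an added example that is not part of the product documentation: it lists the managed units whose certificate does not name the host they are addressed by, so they can be fixed before validation is enabled. Assumptions: RFC 6125-style matching with a common-name fallback (this page does not state how Guardium matches names), the GUI certificate is served on port 8443 as in the REST URL on this page, and all function names and sample hosts are made up for illustration.

```python
import ipaddress
import socket
import ssl

def fetch_cert(host, port=8443, cafile=None):
    """Live fetch: the chain is verified against cafile, the host name is not."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # matching is done by cert_covers_host() instead
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _dns_match(pattern, host):
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def cert_covers_host(cert, host):
    """True if the certificate names the host the unit is addressed by."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:  # an IP literal must match an "IP Address" SAN
        return any(k == "IP Address" and ipaddress.ip_address(v.strip()) == ip
                   for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:  # assumption: legacy fallback to CN when no DNS SAN exists
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return any(_dns_match(p, host) for p in names)

def units_that_would_fail(certs):
    """Hosts from a {host: cert} mapping whose certificate does not cover them."""
    return sorted(h for h, c in certs.items() if not cert_covers_host(c, h))

SAMPLE_CERTS = {  # constructed sample; dict shape of ssl.getpeercert()
    "mu1.example.com": {"subjectAltName": (("DNS", "mu1.example.com"),)},
    "mu2.example.com": {"subjectAltName": (("DNS", "*.example.com"),)},
    "mu3.example.com": {"subjectAltName": (("DNS", "appliance.localdomain"),)},
    "10.0.1.123": {"subjectAltName": (("DNS", "mu4.example.com"),)},
    "10.0.1.124": {"subjectAltName": (("IP Address", "10.0.1.124"),)},
    "mu5.example.com": {"subject": ((("commonName", "mu5.example.com"),),)},
}

if __name__ == "__main__":
    print(units_that_would_fail(SAMPLE_CERTS))
```

For a live check, build the mapping with fetch_cert() using the host name or IP address under which each managed unit is registered, and pass the signing CA (or the self-signed certificate itself) as cafile.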

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/setHostValdation

GuardAPI syntax

set_certificate_host_validation parameter=value

Parameters

Parameter | Value type | Description
enable | Boolean | Required. Valid values:
  • 0 (false) - Default.
  • 1 (true)
api_target_host | String | Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.