System Settings Tab

To inspect or modify global settings, go to Root SO ˃ Configuration ˃ System Settings. (SO: Security officer, the UKC partition administrator role.)

→ The system settings are presented.

Note
The following system settings can be changed only with the ucl system-settings set command:
- No-cert
- Is-fips

Warning
To activate a change to a setting that has "yes" in the "Service Restart" column, restart the EKM (Enterprise Key Management, the previous name of the product) service as follows:
- In a non-FIPS (Federal Information Processing Standards) system, restart it on all EP servers. Refer to EKM Service Management.
- In a FIPS system, restart it on all server triplets. Refer to EKM Service Restart in FIPS Triplet.

Synchronization and Refresh

| Description | Default | Service Restart | Reference |
|---|---|---|---|
| Keys refresh interval (in minutes). | 60 minutes | yes | Refresh and Sync Timers |
| Randomness seed refresh interval (in hours). | 12 hours | yes | |
| DB sync interval (in minutes). | 5 minutes | yes | |

Automatic Key Rotation Hour

| Name | Default | Service Restart | Reference |
|---|---|---|---|
| Automatic key rotation hour | 00:00 | yes | Periodic Rotation |

CORE Server-to-Server connection setup, write and read timeouts

| Name | Default | Service Restart | Reference |
|---|---|---|---|
| Inter-server connection setup timeout (msec). | 0 (use OS timeout) | yes | Connection Timeouts |
| Inter-server message-delivered timeout (msec). | 0 (use OS timeout) | yes | |
| Inter-server request-response timeout (msec). | 0 (use OS timeout) | yes | |

CORE Server-to-Server keep-alive probes on idle links

| Name | Default | Service Restart | Reference |
|---|---|---|---|
| Keepalive idle period (seconds) | 180 secs | yes | Keep-Alive Timers |
| Keepalive probe period (seconds) | 60 secs | yes | |
| Keepalive failures max | 20 | yes | |

CORE server and trust certificate expiry periods

| Name | Default | Service Restart | Reference |
|---|---|---|---|
| Root CA certificate expiry alert (days) | 180 days | no | Certificate Validity Settings |
| Root CA certificate validity period (days) | 2922 days (~8 years) | no | |
| Server certificate expiry alert (days) | 180 days | no | |
| Server certificate validity period (days) | 1096 days (~3 years) | no | |
| Client certificate expiry alert (minutes) | 129600 min (~3 months) | no | |
| Client certificate validity period (minutes) | 1578240 min (~3.5 years) | no | |

For any time interval setting in years, 1 year is converted to 365 days.

Originator's IP verification in the authentication token

| Name | Default | Service Restart | Reference |
|---|---|---|---|
| Verify JWT (JSON Web Token) originator IP | yes | no | Check_jwt_originator |

LDAP (Lightweight Directory Access Protocol) Provider Settings

| Name | Default | Service Restart | Reference |
|---|---|---|---|
| Don't verify LDAP provider's certificate | 0 | no | LDAP UI Settings |
| LDAP provider's trust certificate | Mandatory | no | |
| LDAP Provider's URL | FQDN (fully-qualified domain name), mandatory. Default port: 636. | no | |
| LDAP search base | The root of the directory. | no | |
| LDAP custom filter for user search | '(&(?objectClass=user)(?sAMAccountName=myid)' | no | |
| LDAP distinguished name (DN) | Mandatory | no | |
| LDAP CORE DN's password | Mandatory | no | |