# Server Connection: HTTPS Fields with the asterisk \* are mandatory.
ValueDescription
SERVER NAME *Enter a unique name for the server.
DESCRIPTION * Provide a brief description of the server.
PORT *Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
SERVER KEYLABEL *Enter the Key identifier about keystore store to select Private Key and Certificate to create SSL connection.
MAX SESSIONSpecify the maximum number of active sessions.
CONNECTION TIMEOUTDefine the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
REQUIRE CLIENT AUTHENTICATION *Enable the toggle button if you want the server to require SSL Client Authentication to the client that is connecting.
If enabled, the CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu – details in the field here below.
CLIENT CERTIFICATION MATCHThis field appears if the Require Client Authentication button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:
- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
AUTHENTICATION PROTOCOLSelect the SSL authentication protocol. Possible values:
- ALL
- ONLY SPECIFIC VALUES:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
TLSv1_3
ACCEPTED CIPHER SUITESSelect the cipherSuites accepted to establish SSL connection.
For a list of all accepted Cipher Suites, follow this link.
DMZ mode
NONE (default)No session proxying through DMZ Gateway application.
PORT_FORWARDINGIncoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATIONThe server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SERVER PORT *: Enter the DMZ server port to be used for the connection.
SERVER KEYLABEL: Select the label of private key to be used by the SFTP server exposed in the DMZ Gateway.
REQUIRE CLIENT AUTHENTICATION *: Enable to use SSL Client authentication in DMZ. The remote X.509 client certificate will be validated by the DMZ HTTP/S server before the connection is routed to STENG server.
If enabled, the DMZ CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu – details in the field here below.
If the HTTP client on DMZGateway is connecting to an HTTP Server with clientAuthentication=true on the STENG, check the client certificate coming from the client HTTP into the Untrusted Cache. Then trust the client certificate and check the Trust Store.
DMZ CLIENT CERTIFICATION MATCH: This field appears if the Require Client Authentication button is enabled. It defines if the Certificate required for Client Authentication will be matched and how. Possible values:
- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.
- CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
- ALL
- ONLY SPECIFIC VALUES:
SSLv3
TLSv1
TLSv1_1
TLSv1_2
SSLv2Hello
ACCEPTED CIPHER SUITES: It lists SSL/TLS cipher suites available in the FTP/S server and exposed in the DMZ Gateway. Select the cipherSuites accepted. For a list of all accepted Cipher Suites, follow this link.
To change any DMZ port of an HTTPS server that belongs to a peer, select the server you want to update. Next, click the pencil icon in the top-right corner of the server card. Enter the new port or ports in the appropriate fields. Finally, click the **SAVE** button to confirm your changes. Remember that the new port number will only affect the peer's selected server. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-mover-1.21/transfer-protocols-and-connectors/server-connections/server-connection-https.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.