ServiceSSLKeyStore
- Last Updated: May 12, 2026
- 1 minute read
- OpenAccess SDK
- Version 9.0
- Documentation
Specifies the pathname of the keystore file containing the server public key certificate and the private key. When this pathname is not specified, only the anonymous cipher suites are published by the service; this means no server certificate support. When a ServiceSSLKeyStore is defined, the supported cipher suites in the service are limited to those cipher suites that work with server certificates.
Note: The ServiceSSLKeyStorePasswordFile service attribute must also be defined and contain the password of the keystore file (see ServiceSSLKeyStorePasswordFile).
When a keystore is defined, extra cipher suites, that is, supporting server certificates based on the type of private key, are supported by default.
The following table describes the default cipher suites that the service supports.
Cipher suites
| ServiceSSLKeyStore | Default Cipher Suite |
| None specified | TLS_DH_anon_WITH_AES_128_CBC_SHA |
| Defined with an RSA private key type | TLS_DH_anon_WITH_AES_128_CBC_SHA1 TLS_RSA_WITH_AES_128_CBC_SHA2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA2 |
| Defined with a DSA private key type | TLS_DH_anon_WITH_AES_128_CBC_SHA1 TLS_DHE_DSS_WITH_AES_128_CBC_SHA2 |
| Defined with the DHE or ECDHE private key type | TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_SHA256 |
1 To support monitoring and event tracing, the OpenAccess SDK Administrator clients must be able to access the SSL-enabled services. Because these clients do not support server certificates, the anonymous cipher suites must be supported by each service.
2 Support for SSL in the .NET Framework requires the use of server certificates.
Default
NULL
Type
Static