Directory containing a server’s SSL keys and/or certificates.
|Used by Client?||Used by Server?||Command-Line Alternative||Can be set in P4CONFIG file?|
Value if not Explicitly Set
Helix Server processes (
p4broker) that accept SSL connections require a
certificate and key pair (stored in this directory) on startup. In order
for any of these processes to start, the following additional conditions
must be met:
P4SSLDIRmust be set to a valid directory.
P4SSLDIRdirectory must be owned by the same userid as the one running the Helix Server, proxy, or broker process. The
P4SSLDIRdirectory must not be readable by any other user. On UNIX, for example, the directory’s permissions must be set to 0700 (
drwx------) or 0500 (
Two files, named
certificate.txt, must exist in
These files correspond to the PEM-encoded unencrypted private key and certificate used for the SSL connection. They must be owned by the userid that runs the Helix Server, proxy, and broker process, and must also have their permissions set such as to make them unreadable by other users. On UNIX, for example, the files' permissions must be set to 0600 (
-rw-------) or 0400 (
You can supply your own private key and certificate, or you can use
p4d -Gcto generate a key and certificate pair. For more information, see Key and certificate generation in the Helix Core Server Administrator Guide.
To generate a fingerprint from your server’s private key and certificate, run
p4d -Gf. (
P4SSLDIRmust be configured with the correct file names and permissions, and the current date must be valid for the certificate.)
After you have communicated this fingerprint to your end users, your end users can then compare the fingerprint the server offers with the fingerprint you have provided. If the two fingerprints match, users can use
p4 trustto add the fingerprint to their