Command Reference > infacmd isp Command Reference > ListDomainCiphers
  

ListDomainCiphers

Lists one or more of the following cipher suite lists: blacklist, default list, effective list, or whitelist.
When you use secure communication within the domain and secure connections to web clients, Informatica uses an effective list of cipher suites to encrypt traffic. Informatica determines the effective list of cipher suites based on the following lists:
Blacklist
List of cipher suites that you want the Informatica domain to block. When you add a cipher suite to the blacklist, the Informatica domain removes the cipher suite from the effective list. You can add cipher suites that are on the default list to the blacklist.
Default list
List of cipher suites that the Informatica domain supports by default.
Whitelist
List of cipher suites that you want the Informatica domain to support in addition to the default list. When you add a cipher suite to the whitelist, the Informatica domain adds the cipher suite to the effective list. You do not need to add cipher suites that are on the default list to the whitelist.
Use the ListDomainCiphers command to view the cipher suite lists.
The ListDomainCiphers command uses the following syntax:
ListDomainCiphers

<-DomainName|-dn> domain_name

<-UserName|-un> user_name

<-Password|-pd> password

[<-SecurityDomain|-sdn> security_domain]

[<-Gateway|-hp> gateway_host1:port gateway_host2:port...]

[<-ResilienceTimeout|-re> timeout_period_in_seconds]

[<-lists|-l> comma_separated_list_of_cipher_configurations...(ALL,BLACK,WHITE,EFFECTIVE,DEFAULT)]

The following table describes infacmd isp ListDomainCiphers options and arguments:
Option
Argument
Description
-DomainName
-dn
domain_name
Required. Name of the Informatica domain. You can set the domain name with the -dn option or the environment variable INFA_DEFAULT_DOMAIN. If you set a domain name with both methods, the -dn option takes precedence.
-UserName
-un
user_name
Required if the domain uses Native or LDAP authentication. User name to connect to the domain. You can set the user name with the -un option or the environment variable INFA_DEFAULT_DOMAIN_USER. If you set a user name with both methods, the -un option takes precedence.
Optional if the domain uses Kerberos authentication. To run the command with single sign-on, do not set the user name. If you set the user name, the command runs without single sign-on.
-Password
-pd
password
Required if you specify the user name. Password for the user name. The password is case sensitive. You can set a password with the -pd option or the environment variable INFA_DEFAULT_DOMAIN_PASSWORD. If you set a password with both methods, the password set with the -pd option takes precedence.
-SecurityDomain
-sdn
security_domain
Required if the domain uses LDAP authentication. Optional if the domain uses native authentication or Kerberos authentication. Name of the security domain to which the domain user belongs. You can set a security domain with the -sdn option or the environment variable INFA_DEFAULT_SECURITY_DOMAIN. If you set a security domain name with both methods, the -sdn option takes precedence. The security domain name is case sensitive.
If the domain uses native or LDAP authentication, the default is Native. If the domain uses Kerberos authentication, the default is the LDAP security domain created during installation. The name of the security domain is the same as the user realm specified during installation.
-Gateway
-hp
gateway_host1:port gateway_host2:port ...
Required if the gateway connectivity information in the domains.infa file is out of date.The host names and port numbers for the gateway nodes in the domain.
-lists
-l
comma_separated_list_of_cipher_configurations
Optional. Comma-separated list of arguments that specifies the cipher suites that you want to display.
The argument ALL displays the blacklist, default list, effective list, and whitelist.
The argument BLACK displays the blacklist.
The argument DEFAULT displays the default list.
The argument EFFECTIVE displays the list of cipher suites that the Informatica domain supports.
The argument WHITE displays the whitelist.
Note: The arguments are case-sensitive.
When you run the command on a gateway node and omit this option, the command displays all cipher suite lists.
When you run the command on a worker node and omit this option, the command displays the default and effective cipher suite lists.