Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

tia Core supports HTTP or HTTPS communication. It is not possible to have both at the same time.

Secure communication over HTTPS requires a certificate in stored as pkcs12 format. The certificate may be public or self-signed. The file typically stored permanently at host and therefore needs to be mapped into the container.

The following configuration must be made in container environmental variables.

Application-wide setting

Explanation

server.ssl.key-store-type

Key store format.

Supported are PKCS12 and JKS supported. PKCS12 is preferred.

server.ssl.key-store

Location of the keystore

server.ssl.key-store-password

Password for the keystore

server.ssl.key-alias

Alias for the certificate in the pkcs12 store

server.ssl.enabled

true: Enable HTTPS

As communication is on port configured by server.port parameter (default: 8080), also set this parameter to the port desired for HTTPS (e.g. 8443).

Example

This demonstrates how a self-signed certificate is created using keytool JavaSE utility.

The keystore file is named kgs.p12 and resides at host in directory ./tiacore.

The store password in the keytool command is test1234. Choose a secure password instead.

The parameters to be added into the command to start the container are given for docker run command (see also Deployment using Container (tC)).

  1. Create a keystore with a self signed certificate or skip this step with existing certificate.

keytool -genkeypair -alias kgs -storepass test1234 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650

  1. Edit the command to start the container

As the image reference must be last in docker run command, insert the parameter before.

Map the file in the container:

-v ./tiacore/kgs.p12:/application/kgs.p12

Add to environment variables:

-e SERVER_SSL_KEY-STORE-TYPE:PKCS12
-e SERVER_SSL_KEY-STORE:/application/kgs.p12
-e SERVER.SSL.KEY-STORE-PASSWORD:test1234
-e SERVER_SSL_KEY-ALIAS:kgs
-e SERVER_SSL_ENABLED:true

  • No labels