tia Core supports HTTP or HTTPS communication. It is not possible to have both at the same time.

Secure communication over HTTPS requires a certificate stored in PKCS12 format. The certificate may be public or self-signed. The file is typically stored permanently on the host and therefore needs to be mapped into the container.

The following settings must be configured through the container's environment variables.

| Application-wide setting | Explanation |
|---|---|
| server.ssl.key-store-type | Key store format. PKCS12 and JKS are supported. PKCS12 is preferred. |
| server.ssl.key-store | Location of the keystore |
| server.ssl.key-store-password | Password for the keystore |
| server.ssl.key-alias | Alias for the certificate in the pkcs12 store |
| server.ssl.enabled | true: Enable HTTPS |

HTTPS is served on the port configured by the server.port parameter (default: 8080), so also set this parameter to the port desired for HTTPS (e.g. 8443).

Example

This example demonstrates how to create a self-signed certificate using the Java SE keytool utility.

The keystore file is named kgs.p12 and resides on the host in the directory ./tiacore.

The store password in the keytool command is test1234. Choose a secure password instead.

The parameters to add to the command that starts the container are given for the docker run command (see also Deployment using Container (tC)).

  1. Create a keystore with a self-signed certificate, or skip this step if you already have a certificate.

keytool -genkeypair -alias kgs -storepass test1234 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650

  2. Edit the docker run command or the docker compose file used to start the container.

If using docker run command:

Map the file in the container:

-v ./tiacore/kgs.p12:/application/kgs.p12

Add to environment variables:

-e SERVER_SSL_KEYSTORETYPE=PKCS12
-e SERVER_SSL_KEYSTORE=/application/kgs.p12
-e SERVER_SSL_KEYSTOREPASSWORD=test1234
-e SERVER_SSL_KEYALIAS=kgs
-e SERVER_SSL_ENABLED=true

Because the image reference must come last in the docker run command, insert these parameters before it.

If using docker compose file:

Under services > [instance name] > volumes, add a volume mapping for the directory containing the keystore:

      - ./tiacore/ssl:/application/ssl

Under services > [instance name] > environment, add these parameters:

      # HTTPS settings
      SERVER_SSL_KEYSTORETYPE: PKCS12
      SERVER_SSL_KEYSTORE: /application/ssl/kgs.p12
      SERVER_SSL_KEYSTOREPASSWORD: test1234
      SERVER_SSL_KEYALIAS: kgs
      SERVER_SSL_ENABLED: "true"
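
The following preflight check is an added example, not part of the tia Core documentation. It validates the HTTPS variables from this page before the container is started. It assumes the variables are kept in a docker --env-file style file (KEY=value lines); the function names are hypothetical, and check_keystore_alias needs keytool on the PATH.

```shell
# Added example: preflight check for the SERVER_SSL_* variables on this page.
# Input is a docker --env-file style file (KEY=value lines, '#' comments).

# Print the value of KEY from the env file; fail if it is absent or empty.
env_get() {  # usage: env_get ENV_FILE KEY
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Print one line per problem found; return non-zero if there is any.
check_tls_env() {  # usage: check_tls_env ENV_FILE HOST_KEYSTORE
    rc=0
    for key in SERVER_SSL_KEYSTORETYPE SERVER_SSL_KEYSTORE \
               SERVER_SSL_KEYSTOREPASSWORD SERVER_SSL_KEYALIAS SERVER_SSL_ENABLED; do
        env_get "$1" "$key" >/dev/null || { echo "missing: $key"; rc=1; }
    done
    case $(env_get "$1" SERVER_SSL_KEYSTORETYPE) in
        PKCS12|JKS) ;;
        *) echo "unsupported key store type"; rc=1 ;;
    esac
    [ "$(env_get "$1" SERVER_SSL_ENABLED)" = true ] ||
        { echo "HTTPS not enabled"; rc=1; }
    [ "$(env_get "$1" SERVER_SSL_KEYSTOREPASSWORD)" != test1234 ] ||
        { echo "example password test1234 still in use"; rc=1; }
    [ -s "$2" ] || { echo "keystore missing or empty on host: $2"; rc=1; }
    return $rc
}

# Confirm that the password opens the store and that the alias exists.
# -storepass:env makes keytool read the password from the named variable,
# so it does not show up in the process list.
check_keystore_alias() {  # usage: check_keystore_alias ENV_FILE HOST_KEYSTORE
    KS_PASS=$(env_get "$1" SERVER_SSL_KEYSTOREPASSWORD) \
    keytool -list -keystore "$2" \
        -storetype "$(env_get "$1" SERVER_SSL_KEYSTORETYPE)" \
        -storepass:env KS_PASS \
        -alias "$(env_get "$1" SERVER_SSL_KEYALIAS)" >/dev/null
}
```

Run both functions against the env file and the keystore on the host, then pass the same file to docker run with --env-file so the keystore password is not repeated in -e arguments.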
