tia Core supports HTTP or HTTPS communication. It is not possible to have both at the same time.
Secure communication over HTTPS requires a certificate in stored as pkcs12 format. The certificate may be public or self-signed. The file typically stored permanently at host and therefore needs to be mapped into the container.
The following configuration must be made in container environmental variables, e.g. by using -e parameter in docker run command.
Application-wide setting | Explanation |
|---|---|
| Key store format. Supported are PKCS12 and JKS supported. PKCS12 is preferred. |
| Location of the keystore |
| Password for the keystore |
| Alias for the certificate in the pkcs12 store |
|
|
As communication is on port configured by server.port parameter (default: 8080), also set this parameter to the port desired for HTTPS (e.g. 8443).
Example
Create a keystore with a self signed certificate or skip this step with existing certificate:
keytool -genkeypair -alias kgs -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650
Map the file in the container:
-v ./tiacore/kgs.p12:/application/kgs.p12
Add to environment variables:
server.ssl.key-store-type: PKCS12 server.ssl.key-store: /application/kgs.p12 server.ssl.key-store-password: test1234 server.ssl.key-alias: kgs server.ssl.enabled: true