tia Viewer Core supports HTTP or HTTPS communication. It is not possible to have both at the same time.
Secure communication over HTTPS requires a certificate in stored as PKCS12 format. The certificate may be public or self-signed. The file typically stored permanently at host and therefore needs to be mapped into the container.
The following configuration must be made in container environmental variables or in YAML configuration file.
Parent | Parameter | Explanation |
|---|---|---|
|
| Key store format. Supported are PKCS12 and JKS supported. PKCS12 is preferred. |
|
| Location of the keystore |
|
| Password for the keystore |
|
| Alias for the certificate in the pkcs12 store |
|
|
|
As communication is on port configured by server.port parameter (default: 8080), also set this parameter to the port desired for HTTPS (e.g. 8443).
Example
This demonstrates how a self-signed certificate is created using keytool JavaSE utility.
The keystore file is named kgs.p12 and resides at host in directory ./tiaviewer.
The store password in the keytool command is test1234. Choose a secure password instead.
The parameters to be added into the command to start the container are given for docker run command (see also Deployment using Container (tC)).
Create a keystore with a self signed certificate or skip this step with existing certificate.
keytool -genkeypair -alias kgs -storepass test1234 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650
Edit the command to start the container
As the image reference must be last in docker run command, insert the parameter before.
Map the file in the container:
-v ./tiaviewer/kgs.p12:/application/kgs.p12
Add to environment variables:
-e SERVER_SSL_KEY-STORE-TYPE:PKCS12 -e SERVER_SSL_KEY-STORE:/application/kgs.p12 -e SERVER.SSL.KEY-STORE-PASSWORD:test1234 -e SERVER_SSL_KEY-ALIAS:kgs -e SERVER_SSL_ENABLED:true