Secure communication over HTTPS requires a certificate stored in PKCS12 format. The certificate may be public or self-signed. The file is typically stored permanently on the host and therefore needs to be mapped into the container.
The following configuration must be made in the container's environment variables, e.g. by using the -e parameter of the docker run command.
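| Key | Description |
| --- | --- |
| server.ssl.key-store-type | Key store format. PKCS12 and JKS are supported. PKCS12 is preferred. |
| server.ssl.key-store | Location of the keystore |
| server.ssl.key-store-password | Password for the keystore |
| server.ssl.key-alias | Alias for the certificate in the PKCS12 store |
| server.ssl.enabled | Use "true" to expose the configured port (default 8080) as the HTTPS port |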
Example
Create a keystore with a self-signed certificate, or skip this step if you already have a certificate:
keytool -genkeypair -alias kgs -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650
Map the file in the container:
-v ./tiacore/kgs.p12:/application/kgs.p12
Add to environment variables:
server.ssl.key-store-type: PKCS12
server.ssl.key-store: /application/kgs.p12
server.ssl.key-store-password: test1234
server.ssl.key-alias: kgs
server.ssl.enabled: true
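
The steps above combined into one script, as an added example that is not part of the original documentation: it checks that the keystore and alias are readable before starting the container, mounts the file read-only, and passes the five settings with -e. The image name, the 8080:8080 port mapping, and the DOCKER and KGS_KEYSTORE_PASSWORD variables are assumptions; the page does not name them.

```shell
#!/bin/sh
# Added example, not the vendor's script. IMAGE, the 8080:8080 port mapping,
# DOCKER and KGS_KEYSTORE_PASSWORD are assumptions made for this sketch.
IMAGE="${IMAGE:-example/kgs-image:placeholder}"
DOCKER="${DOCKER:-docker}"            # set DOCKER=echo for a dry run
KEYSTORE_IN_CONTAINER=/application/kgs.p12

# Fail early if the keystore is missing or the alias cannot be read.
# $1 = keystore path on the host, $2 = alias; the password comes from the
# exported variable KGS_KEYSTORE_PASSWORD so it is not a keytool argument.
check_keystore() {
    [ -f "$1" ] || { echo "keystore not found: $1" >&2; return 1; }
    keytool -list -storetype PKCS12 -keystore "$1" \
        -storepass:env KGS_KEYSTORE_PASSWORD -alias "$2" >/dev/null || {
        echo "cannot read alias '$2' in $1 (wrong alias or password?)" >&2
        return 1
    }
}

# Start the container with the keystore mounted read-only and the five
# server.ssl.* settings from this page passed with -e.
# $1 = keystore path on the host, $2 = alias, $3 = keystore password
run_https_container() {
    "$DOCKER" run -p 8080:8080 \
        -v "$1:$KEYSTORE_IN_CONTAINER:ro" \
        -e "server.ssl.key-store-type=PKCS12" \
        -e "server.ssl.key-store=$KEYSTORE_IN_CONTAINER" \
        -e "server.ssl.key-store-password=$3" \
        -e "server.ssl.key-alias=$2" \
        -e "server.ssl.enabled=true" \
        "$IMAGE"
}

# Runs only when a password is supplied, e.g.
#   KGS_KEYSTORE_PASSWORD=... IMAGE=... sh start-https.sh
if [ -n "${KGS_KEYSTORE_PASSWORD:-}" ]; then
    check_keystore ./tiacore/kgs.p12 kgs &&
        run_https_container ./tiacore/kgs.p12 kgs "$KGS_KEYSTORE_PASSWORD"
fi
```

A value passed with -e stays readable through docker inspect on the host, so the keystore password is only as protected as access to the Docker daemon.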