tia Core supports HTTP or HTTPS communication. It is not possible to have both at the same time.
Secure communication over HTTPS requires a certificate stored in PKCS12 format. The certificate may be public or self-signed. The file is typically stored permanently on the host and therefore needs to be mapped into the container.
The following configuration must be made in the container's environment variables, e.g. by using the `-e` parameter in the `docker run` command.
| Application-wide setting | Explanation |
|---|---|
| | Key store format. PKCS12 and JKS are supported. PKCS12 is preferred. |
| | Location of the keystore |
| | Password for the keystore |
| | Alias for the certificate in the PKCS12 store |
As communication is on the port configured by the `server.port` parameter (default: `8080`), also set this parameter to the port desired for HTTPS (e.g. `8443`).
Example
This demonstrates how a self-signed certificate is created using the `keytool` Java SE utility. The keystore file is named `kgs.p12` and resides on the host in the directory `./tiacore`. The parameters to be added to the command that starts the container are given for the `docker run` command (see also Deployment using Container (tC)).
Create a keystore with a self-signed certificate, or skip this step if a certificate already exists.
keytool -genkeypair -alias kgs -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650
Edit the command to start the container
As the image reference must be last in the `docker run` command, insert the parameters before it.
Map the file in the container:
-v ./tiacore/kgs.p12:/application/kgs.p12
Add to environment variables:
-e SERVER_SSL_KEY-STORE-TYPE=PKCS12 -e SERVER_SSL_KEY-STORE=/application/kgs.p12 -e SERVER_SSL_KEY-STORE-PASSWORD=test1234 -e SERVER_SSL_KEY-ALIAS=kgs -e SERVER_SSL_ENABLED=true
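The steps above combined into one script, as an added example that is not part of the vendor documentation: it writes the settings to an owner-only env file, so the keystore password stays off the `docker run` command line, and mounts the keystore read-only. The function names, the `https.env` file, `SERVER_PORT` as the environment form of `server.port`, the `-p` port publishing and the `<image>` placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Values marked ASSUMPTION are not from the page.
set -eu

# Write the HTTPS settings to an env file only the owner can read, so the
# keystore password never appears on the docker run command line.
# ASSUMPTION: SERVER_PORT is the environment-variable form of server.port.
write_env_file() {   # usage: write_env_file <env-file> <password> [port]
  local file="$1" password="$2" port="${3:-8443}"
  ( umask 077
    cat > "$file" <<EOF
SERVER_SSL_ENABLED=true
SERVER_SSL_KEY-STORE-TYPE=PKCS12
SERVER_SSL_KEY-STORE=/application/kgs.p12
SERVER_SSL_KEY-STORE-PASSWORD=$password
SERVER_SSL_KEY-ALIAS=kgs
SERVER_PORT=$port
EOF
  )
  chmod 600 "$file"   # also tightens a file that already existed
}

# Print the docker run options, one per line. Fails if the keystore is missing,
# because docker would otherwise create a directory at the mount source.
build_run_args() {   # usage: build_run_args <keystore> <env-file> [port]
  local keystore="$1" env_file="$2" port="${3:-8443}" abs
  [ -f "$keystore" ] || { echo "keystore not found: $keystore" >&2; return 1; }
  abs="$(cd "$(dirname "$keystore")" && pwd)/$(basename "$keystore")"
  printf '%s\n' \
    "-v" "$abs:/application/kgs.p12:ro" \
    "--env-file" "$env_file" \
    "-p" "$port:$port"   # ASSUMPTION: HTTPS port published 1:1 on the host
}

# Usage (the image reference is a placeholder and must come last):
#   read -rs -p 'Keystore password: ' KS_PASS
#   write_env_file ./tiacore/https.env "$KS_PASS"
#   mapfile -t args < <(build_run_args ./tiacore/kgs.p12 ./tiacore/https.env)
#   docker run "${args[@]}" <image>
```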