Under this section, define the following server SSL settings.
ciphers
The list of allowed SSL ciphers – for example:
ciphers: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,\ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256"Mandatory: No. Omitting this parameter allows all the ciphers CA Gateway supports.
client-auth
Set this parameter value to:
NeedMandatory: Yes.
enabled
true to enable SSL/TLS, false otherwise.
Mandatory: No. This optional parameter defaults to true.
insecureMode
true when enabled is false , omit this parameter otherwise. This parameter reinforces that the user truly wants to run CA Gateway as an insecure setup.
The insecure mode is for testing environments only.
Mandatory: No. This optional parameter defaults to false.
key-alias
The alias of the SSL key in the keystore.
Mandatory: Yes.
key-store
The path of the keystore that contains the SSL server certificate.
See Configuring CA Gateway for how to reference file paths.
Mandatory : Yes.
key-store-password
The password of the keystore that contains the server SSL certificate.
Mandatory: Yes.
key-store-type
The type of keystore containing the SSL server certificate.
Type | Description |
|---|---|
jks | Java keystore |
pkcs12 | PKCS #12 keystore |
Mandatory: Yes.
protocol
Set this parameter to:
TLS Mandatory: Only when enabled is true.
trust-store
The full path of the truststore that contains the CA certificates.
See Configuring CA Gateway for how to reference file paths.
Mandatory: Yes.
trust-store-password
The password of the truststore that contains the CA certificates.
Mandatory: Yes.
trust-store-type
The type of truststore containing the CA certificates.
Type | Description |
|---|---|
jks | Java truststore |
pkcs12 | PKCS #12 truststore |
Mandatory: Yes.