Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

The  mzsh keytool enable-tls command from Enable One-way SSL On RCP will configure the properties listed below in Platform container automatically, except property pico.rcp.tls.require_clientauth. You can also manually change the value of these properties.

Do a  mzsh topo open container to view the platform container.conf.

Quotes and double quotes surrounding the target path and property names are required for some properties to prevent overwriting. For further information, see Working with STR.

pico.rcp.tls.keystore

This property is to set the keystore file path. If this property is not set, TLS will not be used. 

Example value in container.conf:

"pico.rcp.tls.keystore"="/opt/mz/keys/keystore.p12"

To set this property manually, run this command:

$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore"' <keystore path>

Note: Full Path to the keystore file is required.

pico.rcp.tls.keystore.alias

Use this property if the keystore contains multiple private keys. RCP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used.

Example value in container.conf:

"pico.rcp.tls.keystore.alias"=platform

To set this property manually, run this command:

$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore.alias"' <alias>

pico.rcp.tls.keystore.password

Use this property to set the keystore password, which is the password we entered while creating keystore.

Example value in container.conf:

"pico.rcp.tls.keystore.password"="DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86"

To set this property manually, run this command:

$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore.password"' \ 
`mzsh encryptpassword <password>`

pico.rcp.tls.key.password

Use this property to set password for the key, as chosen in keytool. By default this is the same as the keystore password. (This is the default for keytool). 

Example value in container.conf:

"pico.rcp.tls.key.password"="DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86"

To set this property manually, run this command:

$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.key.password"' \ 
`mzsh encryptpassword <password>`

pico.rcp.tls.require_clientauth

This property is used if client authentication (two-way authentication) is required. The default value is false. Refer Enable Two-way SSL On RCP

$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.require.clientauth"' true

Restart Required

After the configuration is done all affected processes need to be restarted. Use the following command:

mzsh restart platform

  • No labels