The TLS support uses a keystore file, generated by using the Java standard tool keytool. For further information about keytool, see the JDK product documentation.
TLS is configured with properties that are typically set on the container level.
Note!
Quotes and double quotes surrounding the target path and property names are required for some properties to prevent overwriting. For further information, see Working with STR.
The available properties are:
pico.rcp.tls.keystore
Use this property to set the keystore path and to enable use of TLS for all RCP connections that are not from the local host. If this property is not set, TLS will not be used.
$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore"' <keystore path>
pico.rcp.tls.keystore.alias
Use this property if the keystore contains multiple private keys. RCP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used.
$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore.alias"' <alias>
pico.rcp.tls.keystore.password
Use this property to set the password for the keystore, as selected in keytool.
$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore.password"' \
    `mzsh encryptpassword <password>`
pico.rcp.tls.key.password
Use this property to set the password for the key, as chosen in keytool. By default this is the same as the keystore password. (This is the default for keytool.)
$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.key.password"' \
    `mzsh encryptpassword <password>`
pico.rcp.tls.require_clientauth
Use this property if client authentication (two-way authentication) is required. The default value is false.
$ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.require.clientauth"' true
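The multiple-key case described under pico.rcp.tls.keystore.alias can be checked before the properties are set. The following is an added example, not part of the product documentation: a shell function that reads the text printed by keytool -list and reports whether an alias is needed. The sample listing, its aliases and the verdict strings are constructed for illustration, and the parser assumes keytool's default English entry layout.

```shell
#!/bin/sh
# Added example (not product code): decide whether pico.rcp.tls.keystore.alias
# must be set, from the text printed by `keytool -list -keystore <keystore path>`.

# Constructed sample output; aliases and dates are made up, fingerprints elided.
SAMPLE_LIST='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

rcp-old, Jan 5, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <elided>
rcp-new, Feb 9, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <elided>
ca-root, Feb 9, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <elided>'

# Print the alias of every private key entry, one per line.
# Assumes the default English "alias, date, PrivateKeyEntry," line layout.
private_key_aliases() {
    printf '%s\n' "$1" | awk -F', ' '/, PrivateKeyEntry,/ { print $1 }'
}

# check_rcp_alias <keytool -list output> [configured alias]
# Prints a verdict; returns 0 only when the key RCP will use is unambiguous.
check_rcp_alias() {
    aliases=$(private_key_aliases "$1")
    count=$(printf '%s\n' "$aliases" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "no-private-key"; return 1
    elif [ -n "${2:-}" ]; then
        # An alias is configured: it must name one of the private key entries.
        if printf '%s\n' "$aliases" | grep -Fxq -- "$2"; then
            echo "ok"; return 0
        fi
        echo "alias-not-found"; return 1
    elif [ "$count" -gt 1 ]; then
        # Several keys and no alias: the page calls the choice undefined.
        echo "alias-required"; return 1
    fi
    echo "ok"
}

# Demo on the constructed sample.
check_rcp_alias "$SAMPLE_LIST" rcp-new        # prints: ok
check_rcp_alias "$SAMPLE_LIST" || true        # prints: alias-required
```

Against a real keystore, pass the captured listing as the first argument and the intended alias as the second.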