TLS Configuration Properties

The TLS support uses a keystore file, generated by using the Java standard tool keytool. For further information about keytool, see the JDK product documentation.

TLS is configured with properties that are typically set at the container level.

Note!

Quotes and double quotes surrounding the target path and property names are required for some properties to prevent overwriting. For further information, see Working with STR.

The available properties are:

  • pico.rcp.tls.keystore

    Use this property to set the keystore path and to enable TLS for all RCP connections that are not from the local host. If this property is not set, TLS is not used.

    $ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore"' <keystore path>
  • pico.rcp.tls.keystore.alias
    Use this property if the keystore contains multiple private keys. RCP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used.

    $ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore.alias"' <alias>
  • pico.rcp.tls.keystore.password
    Use this property to set the password for the keystore, as selected in keytool.

    $ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.keystore.password"' \
    `mzsh encryptpassword <password>`
  • pico.rcp.tls.key.password
    Use this property to set the password for the key, as chosen in keytool. By default this is the same as the keystore password (this is also the default for keytool).

    $ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.key.password"' \
    `mzsh encryptpassword <password>`
  • pico.rcp.tls.require_clientauth
    Use this property if client authentication (two-way authentication) is required. The default value is false.

    $ mzsh topo set 'topo://container:<container>/val:common."pico.rcp.tls.require.clientauth"' true
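
The following check is an added example, not part of the product or its documentation. It reads the text printed by `keytool -list` and reports whether pico.rcp.tls.keystore.alias has to be set to avoid the undefined key selection described above. The function names, the sample listing and the English-locale output format are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Input is the text printed by:
#   keytool -list -keystore <keystore path>
# Assumes keytool's English-locale listing: "<alias>, <date>, <entry type>,"

# Constructed sample listing; aliases, dates and fingerprints are made up.
SAMPLE_LIST='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

rcp-old, Jan 5, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
rcp-2024, Feb 9, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 44:55:66:77
corp-ca, Feb 9, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 88:99:AA:BB'

# Read a listing on stdin and print the alias of each private key entry.
# trustedCertEntry lines are skipped: they hold no private key.
private_key_aliases() {
    awk -F', ' '/, PrivateKeyEntry,/ { print $1 }'
}

# check_alias LISTING [ALIAS]
#   LISTING  keytool -list output
#   ALIAS    intended value of pico.rcp.tls.keystore.alias (empty = not set)
# Returns 0 if key selection is unambiguous, 1 if several private keys
# exist and no alias is given, 2 if no usable private key matches.
check_alias() {
    printf '%s\n' "$1" | awk -F', ' -v want="${2:-}" '
        /, PrivateKeyEntry,/ { n++; if ($1 == want) found = 1 }
        END {
            if (n == 0) { print "no private key entry in keystore"; exit 2 }
            if (want != "" && !found) { print "alias not found: " want; exit 2 }
            if (want == "" && n > 1) {
                print n " private keys: set pico.rcp.tls.keystore.alias"; exit 1
            }
            print "ok"
        }'
}
```

To check a real keystore, pass the captured listing as the first argument, for example `check_alias "$(keytool -list -keystore <keystore path>)" <alias>`.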