To enable mTLS, additional configuration must be set for Transform Router, Transform Engines, Transform Aspose, AI Renditions, and Shared File Store.
The following example is for a simple transform-core-aio setup, where only one keystore and one truststore are used. If server and client behavior need to be separated, generate an additional keystore and truststore pair and assign a specific role to that pair (see the sample usages in the scripts named “client_server”).
Below is an example of providing values through properties:
    #Enable SSL
    server.ssl.enabled=true

    #Server behavior keystore
    server.ssl.key-password=password
    server.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
    server.ssl.key-store-password=password
    server.ssl.key-store-type=JCEKS

    #Server behavior truststore
    server.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
    server.ssl.trust-store-password=password
    server.ssl.trust-store-type=JCEKS

    #Require inbound communication to provide a certificate
    server.ssl.client-auth=need

    #Client behavior keystore
    client.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
    client.ssl.key-store-password=password
    client.ssl.key-store-type=JCEKS

    #Client behavior truststore
    client.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
    client.ssl.trust-store-password=password
    client.ssl.trust-store-type=JCEKS
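A pre-deployment check for the properties form above, as an added example that is not part of the original documentation: it reports missing keystore or truststore settings, a `server.ssl.client-auth` value other than `need`, and passwords left at the sample value `password`. The function names, the rule set and the constructed sample input are assumptions of this example.

```python
# Added example: lint an mTLS properties file (the rules are this example's assumptions).
REQUIRED = [f"{role}.ssl.{store}{suffix}"
            for role in ("server", "client")
            for store in ("key-store", "trust-store")
            for suffix in ("", "-password", "-type")]

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_mtls(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if props.get("server.ssl.enabled", "").lower() != "true":
        findings.append("server.ssl.enabled is not true: TLS is off")
    auth = props.get("server.ssl.client-auth", "")
    if auth != "need":  # "need" is the value the page uses to require a certificate
        findings.append(f"server.ssl.client-auth={auth or '<unset>'}: "
                        "inbound client certificates are not required")
    findings += [f"{key} is missing" for key in REQUIRED if not props.get(key)]
    for key, value in props.items():
        if key.endswith("password") and value == "password":
            findings.append(f"{key} still uses the sample value")
    return findings

# Constructed input: client-auth weakened to "want" and no client truststore.
SAMPLE = """\
server.ssl.enabled=true
server.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
server.ssl.key-store-password=constructed-secret
server.ssl.key-store-type=JCEKS
server.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
server.ssl.trust-store-password=constructed-secret
server.ssl.trust-store-type=JCEKS
server.ssl.client-auth=want
client.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
client.ssl.key-store-password=constructed-secret
client.ssl.key-store-type=JCEKS
"""

if __name__ == "__main__":
    print("\n".join(audit_mtls(parse_properties(SAMPLE))) or "no findings")
```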
Below is an example providing values through Docker image variables:
- Add the keystore and truststore files as volumes:

    volumes:
      - ${WORKSPACE}/keystores/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
      - ${WORKSPACE}/keystores/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
- Set environment variables for the Docker image:

    #Enable SSL
    SERVER_SSL_ENABLED: "true"

    #Server behavior keystore
    SERVER_SSL_KEY_PASSWORD: "password"
    SERVER_SSL_KEY_STORE: "file:/tengineAIO.keystore"
    SERVER_SSL_KEY_STORE_PASSWORD: "password"
    SERVER_SSL_KEY_STORE_TYPE: "JCEKS"

    #Server behavior truststore
    SERVER_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
    SERVER_SSL_TRUST_STORE_PASSWORD: "password"
    SERVER_SSL_TRUST_STORE_TYPE: "JCEKS"

    #Require inbound communication to provide a certificate
    SERVER_SSL_CLIENT_AUTH: "need"

    #Client behavior keystore
    CLIENT_SSL_KEY_STORE: "file:/tengineAIO.keystore"
    CLIENT_SSL_KEY_STORE_PASSWORD: "password"
    CLIENT_SSL_KEY_STORE_TYPE: "JCEKS"

    #Client behavior truststore
    CLIENT_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
    CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
    CLIENT_SSL_TRUST_STORE_TYPE: "JCEKS"