Configuration for Transform Service - Alfresco Content Services 23.4 - 2025-11-03

To enable mTLS, additional configuration must be set for Transform Router, Transform Engines, Transform Aspose, AI Renditions, and Shared File Store.

The following example is for a simple transform-core-aio setup, where a single keystore and truststore pair is used. If server and client behavior must be separated, generate an additional keystore and truststore pair and assign that pair a specific role (for sample usage, see the scripts named “client_server”).

Below is an example of providing values through properties:

#Enable SSL
server.ssl.enabled=true

#Server behavior keystore
server.ssl.key-password=password
server.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
server.ssl.key-store-password=password
server.ssl.key-store-type=JCEKS
#Server behavior truststore
server.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
server.ssl.trust-store-password=password
server.ssl.trust-store-type=JCEKS
#Require inbound communication to provide a certificate
server.ssl.client-auth=need

#Client behavior keystore
client.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
client.ssl.key-store-password=password
client.ssl.key-store-type=JCEKS
#Client behavior truststore
client.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
client.ssl.trust-store-password=password
client.ssl.trust-store-type=JCEKS

Below is an example providing values through Docker image variables:

  1. Add the keystore and truststore files as volumes:

     volumes:
         - ${WORKSPACE}/keystores/tengineAIO/tengineAIO.truststore:/tengineAIO.truststore
         - ${WORKSPACE}/keystores/tengineAIO/tengineAIO.keystore:/tengineAIO.keystore
    
  2. Set environment variables for the Docker image:

     #Enable SSL
     SERVER_SSL_ENABLED: "true"
    
     #Server behavior keystore
     SERVER_SSL_KEY_PASSWORD: "password"
     SERVER_SSL_KEY_STORE: "file:/tengineAIO.keystore"
     SERVER_SSL_KEY_STORE_PASSWORD: "password"
     SERVER_SSL_KEY_STORE_TYPE: "JCEKS"
     #Server behavior truststore
     SERVER_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
     SERVER_SSL_TRUST_STORE_PASSWORD: "password"
     SERVER_SSL_TRUST_STORE_TYPE: "JCEKS"
     #Require inbound communication to provide a certificate
     SERVER_SSL_CLIENT_AUTH: "need"
    
     #Client behavior keystore
     CLIENT_SSL_KEY_STORE: "file:/tengineAIO.keystore"
     CLIENT_SSL_KEY_STORE_PASSWORD: "password"
     CLIENT_SSL_KEY_STORE_TYPE: "JCEKS"
     #Client behavior truststore
     CLIENT_SSL_TRUST_STORE: "file:/tengineAIO.truststore"
     CLIENT_SSL_TRUST_STORE_PASSWORD: "password"
     CLIENT_SSL_TRUST_STORE_TYPE: "JCEKS"
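
A small linter for the settings in both listings above, as an added example that is not part of the Alfresco documentation or code: it checks a T-Engine properties file for the keys the page sets, flags a server.ssl.client-auth value other than need, and renames keys to the Docker variable form the page uses. The function names, the constructed SAMPLE input, and treating the literal value "password" as a sample to be replaced are assumptions of this example.

```python
# Added example, not Alfresco code: lint T-Engine mTLS properties.
STORE_KEYS = [f"{side}.ssl.{store}{suffix}" for side in ("server", "client")
              for store in ("key-store", "trust-store") for suffix in ("", "-password", "-type")]

def parse_properties(text):
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:  # skip blanks and comments
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return findings that leave TLS off, one-way, incomplete, or on sample secrets."""
    findings = []
    if props.get("server.ssl.enabled", "").lower() != "true":
        findings.append("server.ssl.enabled is not true: TLS is off")
    if props.get("server.ssl.client-auth", "").lower() != "need":
        findings.append("server.ssl.client-auth is not need: client certificate not required")
    for key in STORE_KEYS:
        if not props.get(key):
            findings.append(f"{key} is missing")
    for key, value in sorted(props.items()):
        # Assumption: the literal "password" is the page's sample value, not a real secret.
        if key.endswith("password") and value == "password":
            findings.append(f"{key} still uses the sample value")
    return findings

def to_docker_env(props):
    """Rename keys as the Docker listing does: '.' and '-' become '_', upper-cased."""
    return {k.replace(".", "_").replace("-", "_").upper(): v for k, v in props.items()}

# Constructed sample: client-auth relaxed to "want" and the client truststore left out.
SAMPLE = """\
server.ssl.enabled=true
server.ssl.client-auth=want
server.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
server.ssl.key-store-password=password
server.ssl.key-store-type=JCEKS
server.ssl.trust-store=file:/keystores/tengineAIO/tengineAIO.truststore
server.ssl.trust-store-password=example-secret
server.ssl.trust-store-type=JCEKS
client.ssl.key-store=file:/keystores/tengineAIO/tengineAIO.keystore
client.ssl.key-store-password=example-secret
client.ssl.key-store-type=JCEKS
"""

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```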