Google Git
Sign in
apache / servicecomb-website / refs/heads/asf-site / . / content / docs / users / use-tls / index.html
blob: c25174bf17c9964efaf3ccc876459dde66b0318a [file] [log] [blame]
<!doctype html>
<!--
Minimal Mistakes Jekyll Theme 4.4.1 by Michael Rose
Copyright 2017 Michael Rose - mademistakes.com | @mmistakes
Free for personal and commercial use under the MIT license
https://github.com/mmistakes/minimal-mistakes/blob/master/LICENSE.txt
-->
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<!-- begin SEO -->
<title>Using TLS for Communication - Apache ServiceComb</title>
<meta name="description" content="Using TLS for Communication">
<meta name="author" content="">
<meta property="og:locale" content="en">
<meta property="og:site_name" content="Apache ServiceComb">
<meta property="og:title" content="Using TLS for Communication">
<link rel="canonical" href="https://github.com/pages/apache/incubator-servicecomb-website/docs/users/use-tls/">
<meta property="og:url" content="https://github.com/pages/apache/incubator-servicecomb-website/docs/users/use-tls/">
<meta property="og:description" content="Using TLS for Communication">
<meta name="twitter:site" content="@ServiceComb">
<meta name="twitter:title" content="Using TLS for Communication">
<meta name="twitter:description" content="Using TLS for Communication">
<meta name="twitter:url" content="">
<meta name="twitter:card" content="summary">
<script type="application/ld+json">
{
"@context" : "http://schema.org",
"@type" : "Person",
"name" : "Apache ServiceComb",
"url" : "https://github.com/pages/apache/incubator-servicecomb-website",
"sameAs" : null
}
</script>
<meta name="google-site-verification" content="HvJjNd7vvJ-yjSTHlBiIWEYxp_Hrz-PYEY5Idz9LRcA" />
<!-- end SEO -->
<link href="/feed.xml" type="application/atom+xml" rel="alternate" title="Apache ServiceComb Feed">
<!-- http://t.co/dKP3o1e -->
<meta name="HandheldFriendly" content="True">
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script>
document.documentElement.className = document.documentElement.className.replace(/\bno-js\b/g, '') + ' js ';
</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
<script src="/assets/vendor/prism/prism.js"></script>
<script type="text/javascript" async
src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-MML-AM_CHTML">
</script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css" integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M" crossorigin="anonymous">
<script src="https://www.apachecon.com/event-images/snippet.js"></script>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js" integrity="sha384-b/U6ypiBEHpOf/4+1nzFpr53nxSS+GLCkfwBdFNTxtclqqenISfwAzpKaMNFNmj4" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js" integrity="sha384-h0AbiXch4ZDo7tp9hKZ4TsHbi047NrKGLO3SEJAg45jXxnGIfYzk4Si90RDIqNm1" crossorigin="anonymous"></script>
<!-- For all browsers -->
<link rel="stylesheet" href="/assets/css/main.css">
<link rel="stylesheet" href="/assets/vendor/prism/prism.css">
<!--[if lte IE 9]>
<style>
/* old IE unsupported flexbox fixes */
.greedy-nav .site-title {
padding-right: 3em;
}
.greedy-nav button {
position: absolute;
top: 0;
right: 0;
height: 100%;
}
</style>
<![endif]-->
<meta http-equiv="cleartype" content="on">
<!-- start custom head snippets -->
<!-- insert favicons. use http://realfavicongenerator.net/ -->
<link href="https://fonts.loli.net/css?family=Roboto:400,500,700|Source+Code+Pro" rel="stylesheet">
<script src="/assets/js/custom.js"></script>
<!-- end custom head snippets -->
</head>
<body class="layout--single">
<!--[if lt IE 9]>
<div class="notice--danger align-center" style="margin: 0;">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</div>
<![endif]-->
<div class="masthead" onmouseleave="$('#childrenShow').css('display', 'none')">
<div class="masthead__inner-wrap">
<div class="masthead__menu">
<nav id="site-nav" class="greedy-nav">
<a class="site-title active" href="/"><img src="https://www.apache.org/img/servicecomb.png"></a>
<ul class="visible-links">
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/">Home</a>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/developers/">Projects</a>
</li>
<li class="def-nav-li" onmouseenter="$('#childrenShow').css('display', 'block')">
<a class="active" href="/docs/users/">Documentation</a>
<ul id="childrenShow" class="def-children-show-en" onmouseleave="$('#childrenShow').css('display', 'none')">
<li><a href="/docs/getting-started/" class="">Getting started</a></li>
<li><a href="/docs/users/" class="">Docs</a></li>
<li><a href="/slides/" class="">Video</a></li>
<li><a href="/faqs/" class="">FAQ</a></li>
</ul>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/year-archive/">Blogs</a>
</li>
<li class="masthead__menu-item" onmouseenter="$('#childrenShow').css('display', 'none')">
<a href="/release/">Downloads</a>
</li>
</ul>
<button><div class="navicon"></div></button>
<ul class="hidden-links hidden"></ul>
<div class="nav-lang">
<a href=/cn/docs/users/use-tls/>中文</a>
</div>
</nav>
</div>
</div>
</div>
<div id="main" role="main">
<div class="sidebar sticky">
<div class="back-to-home"><a href="/">Home</a> > Using TLS for Communication</div>
<nav class="nav__list">
<input id="ac-toc" name="accordion-toc" type="checkbox" />
<label for="ac-toc">Toggle Menu</label>
<ul class="nav__items">
<li>
<span class="nav__sub-title">Java Chassis User Guide</span>
<ul>
<li><a href="/references/java-chassis/zh_CN/index.html" class="">Java Chassis 3</a></li>
<li><a href="/references/java-chassis/2.x/zh_CN/index.html" class="">Java Chassis 2</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">Pack User Guide</span>
<ul>
<li><a href="https://github.com/apache/servicecomb-pack/blob/master/docs/user_guide.md" class="">0.5.0</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">ServiceCenter User Guide</span>
<ul>
<li><a href="https://service-center.readthedocs.io/en/latest/user-guides.html" class="">2.0.0</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">Kie User Guide</span>
<ul>
<li><a href="https://kie.readthedocs.io/en/latest/" class="">0.2.0</a></li>
</ul>
</li>
<li>
<span class="nav__sub-title">Mesher User Guide</span>
<ul>
<li><a href="https://mesher.readthedocs.io/en/latest/" class="">1.6.3</a></li>
</ul>
</li>
</ul>
</nav>
</div>
<article class="page" itemscope itemtype="http://schema.org/CreativeWork">
<meta itemprop="headline" content="Using TLS for Communication">
<meta itemprop="description" content="Using TLS for Communication">
<meta itemprop="dateModified" content="August 15, 2017">
<div class="page__inner-wrap">
<header>
<h1 class="page__title" itemprop="headline">Using TLS for Communication
</h1>
</header>
<section class="page__content" itemprop="text">
<h2 id="scenario">Scenario</h2>
<p>Users can use simple configurations to enable TLS communication to ensure data transmission security.</p>
<h2 id="external-service-communication-configuration">External Service Communication Configuration</h2>
<p>The configuration related to external service communication is set in the microservice.yaml file.</p>
<ul>
<li>
<p>TLS communication configuration of the service center and configuration center
The connection between the microservice and the service and configuration centers can be changed from HTTP to HTTPS, enabling TLS communication. The configuration example is as below:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="na">servicecomb</span><span class="pi">:</span>
<span class="na">service</span><span class="pi">:</span>
<span class="na">registry</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">https://127.0.0.1:30100</span>
</code></pre></div> </div>
</li>
<li>
<p>TLS communication enabled by the service provider
When configuring the service listening address, the service provider can add<code class="language-plaintext highlighter-rouge">?sslEnabled=true</code> to the end of the address to enable TLS communication. For example:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="na">servicecomb</span><span class="pi">:</span>
<span class="na">rest</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:8080?sslEnabled=true</span>
<span class="na">highway</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:7070?sslEnabled=true</span>
</code></pre></div> </div>
</li>
</ul>
<h2 id="configure-a-certificate">Configure a Certificate</h2>
<p>The certificate configuration items are set in the microservice.yaml file. You can customize certificates in a unified manner or add tags for configuration in a small granularity. The tag configuration overwrites the global configuration, and the configuration format is as follows:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="s">ssl.[tag].[property]</span>
</code></pre></div></div>
<p>For details about the certificate configuration items, see Table 1.</p>
<p><strong>Table 1 Certificate configuration items</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left">Configuration Item</th>
<th style="text-align: left">Default Value</th>
<th style="text-align: left">Value Range</th>
<th style="text-align: left">Mandatory</th>
<th style="text-align: left">Description</th>
<th style="text-align: left">Remarks</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">ssl.protocols</td>
<td style="text-align: left">TLSv1.2</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the protocol list.</td>
<td style="text-align: left">Use commas (,) to separate protocols.</td>
</tr>
<tr>
<td style="text-align: left">ssl.ciphers</td>
<td style="text-align: left">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,<br />TLS_RSA_WITH_AES_128_GCM_SHA256</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the algorithm list</td>
<td style="text-align: left">Use commas (,) to separate protocols.</td>
</tr>
<tr>
<td style="text-align: left">ssl.authPeer</td>
<td style="text-align: left">true</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies whether auhentication is required for the peer end.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.checkCN.host</td>
<td style="text-align: left">true</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Whether the CN of the certificate is checked</td>
<td style="text-align: left">This configuration item is available and valid only for consumers using the HTTP protocol (the rest channel). This parameter is invalid for providers and highway channels. The purpose of checking CN is to protect the server from phishing attacks. For details, see the following standard:<a href="https://tools.ietf.org/html/rfc2818。">https://tools.ietf.org/html/rfc2818。</a></td>
</tr>
<tr>
<td style="text-align: left">ssl.trustStore</td>
<td style="text-align: left">trust.jks</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the trust certificate file.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.trustStoreType</td>
<td style="text-align: left">JKS</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the type of trust certificate</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.trustStoreValue</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the password of the trust certificate file.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.keyStore</td>
<td style="text-align: left">server.p12</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the identity certificate file.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.keyStoreType</td>
<td style="text-align: left">PKCS12</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the type of identity certificate.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.keyStoreValue</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the password of identity certificate.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.crl</td>
<td style="text-align: left">revoke.crl</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the certificate revocation list(CRL) file.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl.sslCustomClass</td>
<td style="text-align: left">-</td>
<td style="text-align: left">org.apache.servicecomb.foundation.ssl.SSLCustom implementation</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies implementation of the SSLCustom class, which is used by developers to convert passwords and file paths.</td>
<td style="text-align: left">-</td>
</tr>
</tbody>
</table>
<blockquote>
<p><strong>NOTE:</strong></p>
<ul>
<li>The default protocol algorithm is high-strength algorithm. The JDK needs to be installed together withe the corresponding policy file. For details, visit <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html">http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html</a>. You can configure a non-high-strength algorithm in the configuration file.</li>
<li>The microservice consumers can specify certificates for different providers. (The current certificate is issued by HOST. Different providers use a certificate storage medium, which is used by the service center and configuration center).</li>
</ul>
</blockquote>
<h2 id="certificate-configuration-in-the-service-center">Certificate Configuration in the Service Center</h2>
<p>Currently, the TLS authentication mode of the service center can be configured using environment variables. By default, TLS communication and bidirectional authentication are enables. During peer end authentication, whether the peer end matches the CommonName field of the certificate is checked. For details about the certificate configuration items in the service center, see table 2.</p>
<p><strong>Table 2 Configuration file of the service center</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left">Configuration Item</th>
<th style="text-align: left">Default Value</th>
<th style="text-align: left">Value Range</th>
<th style="text-align: left">Mandatory</th>
<th style="text-align: left">Description</th>
<th style="text-align: left">Remarks</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CSE_SSL_MODE</td>
<td style="text-align: left">1</td>
<td style="text-align: left">1/0<br />0:HTTPS<br />1:HTTP</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Set the protocol mode.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">CSE_SSL_VERIFY_CLIENT</td>
<td style="text-align: left">1</td>
<td style="text-align: left">1/0<br />0:HTTPS<br />1:HTTP</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Set whether the peer end is authenticated in HTTPS mode</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">CSE_SSL_PASSPHASE</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Set the password for the certificate key in HTTPS mode</td>
<td style="text-align: left">-</td>
</tr>
</tbody>
</table>
<p>The configuration file of the service center is$APP_ROOT/conf/app.conf. For details about the configuration item, see table 3. This configuration does not support the settings of environment variables.</p>
<p>Table 3 Configuration file of the service center</p>
<table>
<thead>
<tr>
<th style="text-align: left">Configuration Items</th>
<th style="text-align: left">Default Value</th>
<th style="text-align: left">Value Range</th>
<th style="text-align: left">Mandatory</th>
<th style="text-align: left">Description</th>
<th style="text-align: left">Remarks</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">ssl_protocols</td>
<td style="text-align: left">TLSv1.2</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the SSL version used for communication.</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">ssl_ciphers</td>
<td style="text-align: left">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_RSA_WITH_AES_256_GCM_SHA384,<br />TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,<br />TLS_RSA_WITH_AES_128_GCM_SHA256,<br />TLS_RSA_WITH_AES_128_CBC_SHA</td>
<td style="text-align: left">-</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Specifies the algorithms list used to configuration</td>
<td style="text-align: left">ssl_cipher must be configured with the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 algorithm, because th eservice center supports the HTTP/2 protocal. TLS_RSA_WITH_AES_128_GCM_SHA256、TLS_RSA_WITH_AES_128_CBC_SHA are listd in the insecure algorithm blacklist of the HTTP/2 protocol, but they need to be configured to the last bit of ssl_ciphers to ensure compatibility of the client algorithm.</td>
</tr>
</tbody>
</table>
<h2 id="path-for-storing-key-materials-and-certificates">Path for Storing Key Materials and Certificates</h2>
<p><strong>Table 4 Path for storing key materials and certificate</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left">Configuration Items</th>
<th style="text-align: left">Description</th>
<th style="text-align: left">Environment Variable</th>
<th style="text-align: left">Remarks</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">/</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE</td>
<td style="text-align: left">-</td>
<td style="text-align: left">INSTALL_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/cipher</td>
<td style="text-align: left">Specifies the directory for storing key materials</td>
<td style="text-align: left">CIPHER_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl</td>
<td style="text-align: left">Specifies the directory for storing certificates.</td>
<td style="text-align: left">SSL_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/trust.cer</td>
<td style="text-align: left">Specifies the trusted CA.</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/server_key.pem</td>
<td style="text-align: left">Specifies the private key file on the encrypted server.</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/server.cer</td>
<td style="text-align: left">Specifies the server certificate.</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/etc/ssl/cert_pwd</td>
<td style="text-align: left">Specifies the symmetric ciphertext file used to store the decrypted private key.</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps/ServiceCenter</td>
<td style="text-align: left">-</td>
<td style="text-align: left">APP_ROOT</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps/ServiceCenter/conf</td>
<td style="text-align: left">Specifies the configuration file directory of the service center.</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
<tr>
<td style="text-align: left">/opt/CSE/apps/ServiceCenter/conf/app.conf</td>
<td style="text-align: left">Specifies the application configuration file.</td>
<td style="text-align: left">-</td>
<td style="text-align: left">-</td>
</tr>
</tbody>
</table>
<h2 id="sample-code">Sample Code</h2>
<p>The configuration example of enabling the TLS communication in the microservicce.yaml file is as follows:</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">servicecomb</span><span class="pi">:</span>
<span class="na">service</span><span class="pi">:</span>
<span class="na">registry</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">https://127.0.0.1:30100</span>
<span class="na">rest</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:8080?sslEnabled=true</span>
<span class="na">highway</span><span class="pi">:</span>
<span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0:7070?sslEnabled=true</span>
<span class="c1">#########SSL options</span>
<span class="s">ssl.protocols</span><span class="pi">:</span> <span class="s">TLSv1.2</span>
<span class="s">ssl.authPeer</span><span class="pi">:</span> <span class="no">true</span>
<span class="s">ssl.checkCN.host</span><span class="pi">:</span> <span class="no">true</span>
<span class="c1">#########certificates config</span>
<span class="s">ssl.trustStore</span><span class="pi">:</span> <span class="s">trust.jks</span>
<span class="s">ssl.trustStoreType</span><span class="pi">:</span> <span class="s">JKS</span>
<span class="s">ssl.trustStoreValue</span><span class="pi">:</span> <span class="s">Changeme_123</span>
<span class="s">ssl.keyStore</span><span class="pi">:</span> <span class="s">server.p12</span>
<span class="s">ssl.keyStoreType</span><span class="pi">:</span> <span class="s">PKCS12</span>
<span class="s">ssl.keyStoreValue</span><span class="pi">:</span> <span class="s">Changeme_123</span>
<span class="s">ssl.crl</span><span class="pi">:</span> <span class="s">revoke.crl</span>
<span class="s">ssl.sslCustomClass</span><span class="pi">:</span> <span class="s">org.apache.servicecomb.demo.DemoSSLCustom</span>
</code></pre></div></div>
</section>
<footer class="page__meta">
</footer>
</div>
</article>
</div>
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<div align="center" style="margin: 0 0;">
<ins class="adsbygoogle"
style="display:block; border-bottom: initial;"
data-ad-client="ca-pub-7328585512091257"
data-ad-slot="3049671934"
data-ad-format="auto"></ins>
</div>
<div class="page__footer">
<footer>
<!-- start custom footer snippets -->
<!-- end custom footer snippets -->
<div class="container">
<div class="row justify-content-md-center">
<div class="col">
<ul>
<p class="header">Events</p>
<a class="acevent" data-format="square" data-mode="dark" data-event="random"></a>
</ul>
</div>
<div class="col">
<ul>
<p class="header">Resources</p>
<li><a href="/docs/getting-started/">Getting started</a></li>
<li><a href="/docs/users/">User Guide</a></li>
<li><a href="/slides/">Slides</a></li>
<li><a href="/users/faq/">Common Questions</a></li>
</ul>
</div>
<div class="col">
<ul>
<p class="header">ASF</p>
<li><a href="http://www.apache.org">Foundation</a></li>
<li><a href="http://www.apache.org/licenses/">License</a></li>
<li><a href="http://www.apache.org/events/current-event">Events</a></li>
<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
</ul>
</div>
<div class="col">
<ul>
<p class="header">Contribute</p>
<li><a href="http://issues.apache.org/jira/browse/SCB">Report a Doc Issue</a></li>
<li><a href="https://github.com/apache/servicecomb-website/edit/master/_users/use-tls.md">Edit This Page on Github</a></li>
<li><a href="/developers/submit-codes/">Code Submit Guide</a></li>
<li><a href="/security">Security</a></li>
</ul>
</div>
<div class="col">
<ul class="social-icons">
<p class="header">Community</p>
<li>
<a href="mailto:dev-subscribe@servicecomb.incubator.apache.org" rel="nofollow"><span class="mail">Mailing List</span></a>
</li>
<li>
<a href="https://github.com/apache?q=ServiceComb" target="_blank"><span class="github">Github</span></a>
</li>
<li>
<a href="https://twitter.com/ServiceComb" target="_blank"><span class="twitter">Twitter</span></a>
</li>
<li>
<a href="/feed.xml" target="_blank"><span class="rss">Feed</span></a>
</li>
</ul>
</div>
</div>
</div>
<div class="page__footer-bottom">
<div>&copy; 2024 Apache ServiceComb. Powered by <a href="http://jekyllrb.com" rel="nofollow">Jekyll</a> &amp; <a href="https://mademistakes.com/work/minimal-mistakes-jekyll-theme/" rel="nofollow">Minimal Mistakes</a>.</div>
<div>All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div>
</div>
</footer>
</div>
<script src="/assets/js/main.min.js"></script>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-101622733-1', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>