Google Git
Sign in
apache / servicecomb-website / refs/heads/asf-site / . / content / references / java-chassis / en_US / security / tls / index.html
blob: f1929f19b176a9cc38d6684bbbd2f745302acc53 [file] [log] [blame]
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="prev" href="../../packaging/web-container/">
<link rel="next" href="../rsa/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.19">
<title>Using TLS - ServiceComb Java Chassis Developers Guide</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.66ac8b77.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#scene-description" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="ServiceComb Java Chassis Developers Guide" class="md-header__button md-logo" aria-label="ServiceComb Java Chassis Developers Guide" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
ServiceComb Java Chassis Developers Guide
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Using TLS
</span>
</div>
</div>
</div>
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="ServiceComb Java Chassis Developers Guide" class="md-nav__button md-logo" aria-label="ServiceComb Java Chassis Developers Guide" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
ServiceComb Java Chassis Developers Guide
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Getting Started
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Getting Started
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../start/terminology/" class="md-nav__link">
<span class="md-ellipsis">
Glossary
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../start/architecture/" class="md-nav__link">
<span class="md-ellipsis">
Architecture
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../start/development-environment/" class="md-nav__link">
<span class="md-ellipsis">
Development environment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../start/first-sample/" class="md-nav__link">
<span class="md-ellipsis">
Develop the first microservice
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Development Service Provider
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Development Service Provider
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build-provider/definition/service-definition/" class="md-nav__link">
<span class="md-ellipsis">
Service definition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/define-contract/" class="md-nav__link">
<span class="md-ellipsis">
Service contract definition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/code-first/" class="md-nav__link">
<span class="md-ellipsis">
Implicit API definition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/swagger-annotation/" class="md-nav__link">
<span class="md-ellipsis">
Use Swagger annotations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/springmvc/" class="md-nav__link">
<span class="md-ellipsis">
Develop with SpringMVC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/jaxrs/" class="md-nav__link">
<span class="md-ellipsis">
Develop with JAX-RS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/transparent-rpc/" class="md-nav__link">
<span class="md-ellipsis">
Develop with Transparent RPC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/interface-constraints/" class="md-nav__link">
<span class="md-ellipsis">
Interface definition and data type
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/listen-address-and-publish-address/" class="md-nav__link">
<span class="md-ellipsis">
Service listening address and publishing address
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/thread-pool/" class="md-nav__link">
<span class="md-ellipsis">
Thread pool
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_11" >
<label class="md-nav__link" for="__nav_3_11" id="__nav_3_11_label" tabindex="0">
<span class="md-ellipsis">
Service Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_11_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_11">
<span class="md-nav__icon md-icon"></span>
Service Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build-provider/configuration/ratelimite-strategy/" class="md-nav__link">
<span class="md-ellipsis">
Rate Limiting Policy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/configuration/parameter-validator/" class="md-nav__link">
<span class="md-ellipsis">
Parameter Validator
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../build-provider/bootup/" class="md-nav__link">
<span class="md-ellipsis">
Boot-up Process
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-provider/access-log-configuration/" class="md-nav__link">
<span class="md-ellipsis">
Access Log Configuration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Writing Service Consumer
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Writing Service Consumer
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build-consumer/common-configuration/" class="md-nav__link">
<span class="md-ellipsis">
Consumer common configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-consumer/using-resttemplate/" class="md-nav__link">
<span class="md-ellipsis">
Using Rest Template
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-consumer/using-AsyncRestTemplate/" class="md-nav__link">
<span class="md-ellipsis">
Using AsyncRestTemplate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-consumer/develop-consumer-using-rpc/" class="md-nav__link">
<span class="md-ellipsis">
Using with RPC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-consumer/with-contract/" class="md-nav__link">
<span class="md-ellipsis">
Contract
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_6" >
<label class="md-nav__link" for="__nav_4_6" id="__nav_4_6_label" tabindex="0">
<span class="md-ellipsis">
Invoke control
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_6">
<span class="md-nav__icon md-icon"></span>
Invoke control
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build-consumer/flow-control/" class="md-nav__link">
<span class="md-ellipsis">
Flow Control
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build-consumer/fault-injection/" class="md-nav__link">
<span class="md-ellipsis">
Fault Injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../build-consumer/3rd-party-service-invoke/" class="md-nav__link">
<span class="md-ellipsis">
Invoke 3rd-party REST services
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Transports
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Transports
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../transports/rest-over-servlet/" class="md-nav__link">
<span class="md-ellipsis">
REST over Servlet
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../transports/rest-over-vertx/" class="md-nav__link">
<span class="md-ellipsis">
REST over Vertx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../transports/highway-rpc/" class="md-nav__link">
<span class="md-ellipsis">
Highway
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../transports/http2/" class="md-nav__link">
<span class="md-ellipsis">
HTTP2
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
General Development
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
General Development
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../general-development/visit-sc/" class="md-nav__link">
<span class="md-ellipsis">
Access Service Center
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/metrics/" class="md-nav__link">
<span class="md-ellipsis">
Metrics
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/microservice-invocation-chain/" class="md-nav__link">
<span class="md-ellipsis">
Microservice invocation chain
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/customized-tracing/" class="md-nav__link">
<span class="md-ellipsis">
Customized-Tracing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/local-develop-test/" class="md-nav__link">
<span class="md-ellipsis">
Local development and testing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/http-filter/" class="md-nav__link">
<span class="md-ellipsis">
Http Filter
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/file-upload/" class="md-nav__link">
<span class="md-ellipsis">
File Uploading
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/file-download/" class="md-nav__link">
<span class="md-ellipsis">
File Downloading
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/reactive/" class="md-nav__link">
<span class="md-ellipsis">
Reactive Programing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/dnsconfig/" class="md-nav__link">
<span class="md-ellipsis">
DNS Custom Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/dai-li-she-zhi/" class="md-nav__link">
<span class="md-ellipsis">
Proxy Settings
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/report-framework-version/" class="md-nav__link">
<span class="md-ellipsis">
Report framework version
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/cross-app-invocation/" class="md-nav__link">
<span class="md-ellipsis">
Cross-application invocation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/secret-field/" class="md-nav__link">
<span class="md-ellipsis">
Customized serialization and deserialization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/context/" class="md-nav__link">
<span class="md-ellipsis">
Using Context to pass control messages
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/produceprocess/" class="md-nav__link">
<span class="md-ellipsis">
Return value serialization extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/CORS/" class="md-nav__link">
<span class="md-ellipsis">
CORS mechanism
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/AlarmEvent/" class="md-nav__link">
<span class="md-ellipsis">
Get fuse and instance isolation alarm event information
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/shutdown/" class="md-nav__link">
<span class="md-ellipsis">
Shutdown gracefully
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/error-handling/" class="md-nav__link">
<span class="md-ellipsis">
Handling exceptions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/multienvironment/" class="md-nav__link">
<span class="md-ellipsis">
Multi-environment isolation between microservice instances
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../general-development/thread-model/" class="md-nav__link">
<span class="md-ellipsis">
Thread Model
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../config/general-config/" class="md-nav__link">
<span class="md-ellipsis">
General config
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/inject-config/" class="md-nav__link">
<span class="md-ellipsis">
Configuration injection
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
Service Capability Open
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Service Capability Open
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../edge/open-service/" class="md-nav__link">
<span class="md-ellipsis">
Intruductions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../edge/by-servicecomb-sdk/" class="md-nav__link">
<span class="md-ellipsis">
Using Edge Service
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../edge/nginx/" class="md-nav__link">
<span class="md-ellipsis">
Using confd and Nginx as edge services
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../edge/zuul/" class="md-nav__link">
<span class="md-ellipsis">
Use zuul as edge services
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
<span class="md-ellipsis">
Service Packing and Running
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Service Packing and Running
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../packaging/standalone/" class="md-nav__link">
<span class="md-ellipsis">
Standalone mode
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packaging/web-container/" class="md-nav__link">
<span class="md-ellipsis">
WEB container mode
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" checked>
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
<span class="md-ellipsis">
Micro Service Security
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
Micro Service Security
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Using TLS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Using TLS
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#scene-description" class="md-nav__link">
<span class="md-ellipsis">
Scene Description
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#external-service-communication-configuration" class="md-nav__link">
<span class="md-ellipsis">
External Service Communication Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#certificate-configuration" class="md-nav__link">
<span class="md-ellipsis">
Certificate Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sample-code" class="md-nav__link">
<span class="md-ellipsis">
Sample Code
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../rsa/" class="md-nav__link">
<span class="md-ellipsis">
Using RSA certification
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_11" >
<label class="md-nav__link" for="__nav_11" id="__nav_11_label" tabindex="0">
<span class="md-ellipsis">
Using java chassis in Spring Boot
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_11_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_11">
<span class="md-nav__icon md-icon"></span>
Using java chassis in Spring Boot
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../using-java-chassis-in-spring-boot/using-java-chassis-in-spring-boot/" class="md-nav__link">
<span class="md-ellipsis">
Intruductions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../using-java-chassis-in-spring-boot/components-for-spring-boot/" class="md-nav__link">
<span class="md-ellipsis">
spring boot starter for java-chassis
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../using-java-chassis-in-spring-boot/java-application/" class="md-nav__link">
<span class="md-ellipsis">
JAVA application development
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../using-java-chassis-in-spring-boot/web-application/" class="md-nav__link">
<span class="md-ellipsis">
Web development method development
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../using-java-chassis-in-spring-boot/diff-between-java-web/" class="md-nav__link">
<span class="md-ellipsis">
The difference between JAVA application method and Web development method
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../using-java-chassis-in-spring-boot/diff-spring-mvc/" class="md-nav__link">
<span class="md-ellipsis">
The difference in Spring MVC mode
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_12" >
<label class="md-nav__link" for="__nav_12" id="__nav_12_label" tabindex="0">
<span class="md-ellipsis">
Handlers reference
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_12_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_12">
<span class="md-nav__icon md-icon"></span>
Handlers reference
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../references-handlers/intruduction/" class="md-nav__link">
<span class="md-ellipsis">
Intruductions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references-handlers/loadbalance/" class="md-nav__link">
<span class="md-ellipsis">
Load Balancing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../references-handlers/publickey/" class="md-nav__link">
<span class="md-ellipsis">
Public key authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_13" >
<label class="md-nav__link" for="__nav_13" id="__nav_13_label" tabindex="0">
<span class="md-ellipsis">
FAQ
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_13_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_13">
<span class="md-nav__icon md-icon"></span>
FAQ
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../question-and-answer/question_answer/" class="md-nav__link">
<span class="md-ellipsis">
Q & A
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../question-and-answer/faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../question-and-answer/interface-compatibility/" class="md-nav__link">
<span class="md-ellipsis">
Micro Service Interface Compatibility FAQ
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#scene-description" class="md-nav__link">
<span class="md-ellipsis">
Scene Description
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#external-service-communication-configuration" class="md-nav__link">
<span class="md-ellipsis">
External Service Communication Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#certificate-configuration" class="md-nav__link">
<span class="md-ellipsis">
Certificate Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#sample-code" class="md-nav__link">
<span class="md-ellipsis">
Sample Code
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1>Using TLS</h1>
<h2 id="scene-description">Scene Description</h2>
<p>Users can enable TLS communication through simple configuration to ensure data transmission security.</p>
<h2 id="external-service-communication-configuration">External Service Communication Configuration</h2>
<p>The configuration related to external service communication is written in the microservice.yaml file.</p>
<ul>
<li>Service Center, Configuration Center TLS communication configuration
   The connection between the microservices and the service center and the configuration center can be enabled by changing http to https. The configuration example is as follows:</li>
</ul>
<p><code>yaml
servicecomb:
service:
registry:
address: https://127.0.0.1:30100
config:
client:
serverUri: https://127.0.0.1:30103</code></p>
<ul>
<li>Service provider enables TLS communication
   When the service provider configures the service listening address, it can open TLS communication by appending <code>?sslEnabled=true</code> to the address. The example is as follows:</li>
</ul>
<p><code>yaml
servicecomb:
rest:
address: 0.0.0.0:8080?sslEnabled=true
highway:
address: 0.0.0.0:7070?sslEnabled=true</code></p>
<h2 id="certificate-configuration">Certificate Configuration</h2>
<p>The certificate configuration item is written in the microservice.yaml file. It supports the unified development of certificates. It can also add tags for finer-grained configuration. The tag configuration overrides the global configuration. The configuration format is as follows:</p>
<pre><code>ssl.[tag].[property]
</code></pre>
<p>The common tags are as follows:</p>
<table>
<thead>
<tr>
<th style="text-align: left;">Project</th>
<th style="text-align: left;">tag</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">Service Center</td>
<td style="text-align: left;">sc.consumer</td>
</tr>
<tr>
<td style="text-align: left;">Configuration Center</td>
<td style="text-align: left;">cc.consumer</td>
</tr>
<tr>
<td style="text-align: left;">Kanban Center</td>
<td style="text-align: left;">mc.consumer</td>
</tr>
<tr>
<td style="text-align: left;">Rest server</td>
<td style="text-align: left;">rest.provider</td>
</tr>
<tr>
<td style="text-align: left;">Highway Server</td>
<td style="text-align: left;">highway.provider</td>
</tr>
<tr>
<td style="text-align: left;">Rest client</td>
<td style="text-align: left;">rest.consumer</td>
</tr>
<tr>
<td style="text-align: left;">Highway Client</td>
<td style="text-align: left;">highway.consumer</td>
</tr>
<tr>
<td style="text-align: left;">auth client</td>
<td style="text-align: left;">apiserver.consumer</td>
</tr>
<tr>
<td style="text-align: left;">Generally, there is no need to configure tags. The normal situation is divided into three categories: 1. Connecting internal services 2. As a server 3. As a client, if the certificates required by these three types are inconsistent, then you need to use tags to distinguish</td>
<td style="text-align: left;"></td>
</tr>
</tbody>
</table>
<p>The certificate configuration items are shown in Table 1. Certificate Configuration Item Description Table.
<strong>Table 1 Certificate Configuration Item Description Table</strong></p>
<table>
<thead>
<tr>
<th style="text-align: left;">Configuration Item</th>
<th style="text-align: left;">Default Value</th>
<th style="text-align: left;">Range of Value</th>
<th style="text-align: left;">Required</th>
<th style="text-align: left;">Meaning</th>
<th style="text-align: left;">Caution</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">Ssl.engine</td>
<td style="text-align: left;">jdk</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">ssl protocol, provide jdk/openssl options</td>
<td style="text-align: left;">default jdk</td>
</tr>
<tr>
<td style="text-align: left;">ssl.protocols</td>
<td style="text-align: left;">TLSv1.2</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Protocol List</td>
<td style="text-align: left;">separated by comma</td>
</tr>
<tr>
<td style="text-align: left;">ssl.ciphers</td>
<td style="text-align: left;">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,<br/>TLS_ECDHE_RSA_WITH _AES_128_GCM_SHA256</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">List of laws</td>
<td style="text-align: left;">separated by comma</td>
</tr>
<tr>
<td style="text-align: left;">ssl.authPeer</td>
<td style="text-align: left;">false</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Whether to authenticate the peer</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.checkCN.host</td>
<td style="text-align: left;">false</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Check whether the CN of the certificate is checked.</td>
<td style="text-align: left;">This configuration item is valid only on the Consumer side and is valid using the http protocol. That is, the Consusser side uses the rest channel. Invalid for Provider, highway, etc. The purpose of checking CN is to prevent the server from being phishing, refer to Standard definition: <a href="https://tools.ietf.org/html/rfc2818.">https://tools.ietf.org/html/rfc2818. </a></td>
</tr>
<tr>
<td style="text-align: left;">ssl.trustStore</td>
<td style="text-align: left;">trust.jks</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Trust certificate file</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.trustStoreType</td>
<td style="text-align: left;">JKS</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Trust Certificate Type</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.trustStoreValue</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Trust Certificate Password</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.keyStore</td>
<td style="text-align: left;">server.p12</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Identity Certificate File</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.keyStoreType</td>
<td style="text-align: left;">PKCS12</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Identity Certificate Type</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.keyStoreValue</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Identity Certificate Password</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.crl</td>
<td style="text-align: left;">revoke.crl</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">Revoked Certificate File</td>
<td style="text-align: left;">-</td>
</tr>
<tr>
<td style="text-align: left;">ssl.sslCustomClass</td>
<td style="text-align: left;">-</td>
<td style="text-align: left;">org.apache.servicecomb.foundation.ssl.SSLCustom implementation class</td>
<td style="text-align: left;">No</td>
<td style="text-align: left;">SSLCustom class implementation for developers to convert passwords, file paths, etc.</td>
<td style="text-align: left;">-</td>
</tr>
</tbody>
</table>
<blockquote>
<p><strong>Description</strong>:</p>
<ul>
<li>The default protocol algorithm is a high-intensity encryption algorithm. The JDK needs to install the corresponding policy file. Reference: <a href="Http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html">http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html</a>. You can use a non-high-intensity algorithm in your profile configuration.</li>
<li>Microservice consumers, can specify certificates for different providers (current certificates are issued according to HOST, different providers use a certificate storage medium, this medium is also used by the microservice access service center and configuration center ).</li>
</ul>
</blockquote>
<h2 id="sample-code">Sample Code</h2>
<p>An example of a configuration for enabling TLS communication in the microservice.yaml file is as follows:</p>
<pre><code class="language-yaml">servicecomb:
service:
registry:
address: https://127.0.0.1:30100
config:
client:
serverUri: https://127.0.0.1:30103
rest:
address: 0.0.0.0:8080?sslEnabled=true
highway:
address: 0.0.0.0:7070?sslEnabled=true
#########SSL options
ssl.protocols: TLSv1.2
ssl.authPeer: true
ssl.checkCN.host: true
#########certificates config
ssl.trustStore: trust.jks
ssl.trustStoreType: JKS
ssl.trustStoreValue: Changeme_123
ssl.keyStore: server.p12
ssl.keyStoreType: PKCS12
ssl.keyStoreValue: Changeme_123
ssl.crl: revoke.crl
ssl.sslCustomClass: org.apache.servicecomb.demo.DemoSSLCustom
</code></pre>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.dd8806f2.min.js"></script>
</body>
</html>