HTTP/HTTPS Support
Configure HTTP Support
The core HTTP settings are configured in the ${TIF_ROOT}/etc/tif.custom.properties file.
Below is a list of the properties TIF supports today.
# Setting port < 1 disables HTTP support
http.port = 8181
http.maxIdleTime = 30000
http.requestHeaderSize = 8192
Configure HTTPS Support
The core HTTPS settings are configured in the ${TIF_ROOT}/etc/tif.custom.properties file.
By default, HTTPS support is disabled because the default value of https.port is -1. To enable it, you need to specify the port (probably port 443), a keystore, and the keystore's password and alias.
Below is a list of all parameters that can be set.
#https.port=-1
#https.keyStore.path=<path to keystore, example: etc/keystore>
#https.keyStore.password=secret
#https.keyStore.type=
#https.keyStore.provider=
#https.keyManager.password=
#https.trustStore.path=<path to the trust-store, example: etc/keystore>
#https.trustStore.password=secret
#https.trustStore.type=
#https.trustStore.provider=
#https.certAlias=
#https.includeCipherSuites=<comma separated list>
#https.excludeCipherSuites=<comma separated list>
#https.maxIdleTime=30000
For further details around SSL/TLS please refer to this page.
TLS Version
The supported TLS versions vary with the Java runtime (JRE) in use. For example, Java 11 typically enables TLS 1.3 by default, whereas older Java 8 releases might only support TLS 1.2 or lower.
Consult the Java documentation for more information.
SSL Enabling Example
Assuming that you have a valid certificate, including a private key, available in the files
- server.crt
- server.key
Then you need to create a Java keystore from these files.
First, you need to convert the certificate into PKCS12 format. Below is an example of how to do so with openssl. Note that you will be asked for passwords that you will have to remember.
openssl pkcs12 \
-export \
-in server.crt \
-inkey server.key \
-out server.p12 \
-name tif
The next step is to use keytool from the Java installation in order to import the PKCS12 certificate into a Java keystore. Below is an example showing how to do so. Note that the password secret should be changed.
keytool \
-importkeystore \
-deststorepass secret \
-destkeypass secret \
-destkeystore keystore \
-deststoretype PKCS12 \
-srckeystore server.p12 \
-srcstoretype PKCS12 \
-srcstorepass secret \
-alias tif
Then, copy the keystore file into the directory ${TIF_HOME}/etc/.
Finally, add these properties to ${TIF_HOME}/etc/tif.custom.properties.
https.port=443
https.keyStore.path=etc/keystore
https.keyStore.password=secret
https.certAlias=tif
Start TIF and ensure that it works correctly with HTTPS on port 443 (which is the default port for HTTPS).
Configure Self Signed Certificate
Setting up TIF with a self-signed certificate is simple and useful for testing. Just follow these steps:
- Use keytool to create the keystore
  cd $TIF_HOME/etc
  keytool -keystore keystore -alias tif -genkey -keyalg RSA -sigalg SHA256withRSA
  Then you will be asked for some information, as shown below.
  Enter keystore password:
  Re-enter new password:
  What is your first and last name?
    [Unknown]:
  What is the name of your organizational unit?
    [Unknown]:
  What is the name of your organization?
    [Unknown]:
  What is the name of your City or Locality?
    [Unknown]:
  What is the name of your State or Province?
    [Unknown]:
  What is the two-letter country code for this unit?
    [Unknown]:
  Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
    [no]: yes
  Enter key password for <tif>
    (RETURN if same as keystore password):
- Modify ${TIF_HOME}/etc/tif.custom.properties
  https.port=443
  https.keyStore.path=etc/keystore
  https.keyStore.password=password
  https.certAlias=tif
Done
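A check for the HTTPS properties assembled in the two procedures above, as an added example that is not part of the original documentation or of TIF itself: it parses a tif.custom.properties body and flags missing required HTTPS settings, the placeholder passwords used on this page, and a plain HTTP listener left enabled. The function names, the simplified parser and the treatment of an https.port below 1 as disabled are assumptions of this example.

```python
import re

# Placeholder passwords that appear in the examples on this page.
PLACEHOLDERS = {"secret", "password"}
# Per the page, enabling HTTPS needs a port, a keystore, its password and an alias.
REQUIRED = ("https.keyStore.path", "https.keyStore.password", "https.certAlias")
# key=value or key: value at line start; lines starting with # or ! are comments.
LINE = re.compile(r"^[ \t]*([^#!=:\s][^=:\s]*)[ \t]*[=:][ \t]*(.*?)[ \t\r]*$", re.M)

def parse_properties(text):
    """Minimal .properties parser (no line continuations or escapes)."""
    return dict(LINE.findall(text))

def port(props, key):
    """Port as int; -1 when unset (the page's https.port default); None if invalid."""
    value = props.get(key, "-1")
    return int(value) if re.fullmatch(r"-?\d+", value) else None

def audit(text):
    """Return (severity, message) findings for a tif.custom.properties body."""
    props, findings = parse_properties(text), []
    https_port, http_port = port(props, "https.port"), port(props, "http.port")
    if https_port is None:
        return [("ERROR", "https.port is not a number")]
    if https_port < 1:  # assumption: like http.port, a value below 1 means disabled
        return [("INFO", "HTTPS is disabled")]
    for key in REQUIRED:
        if not props.get(key):
            findings.append(("ERROR", f"{key} must be set when HTTPS is enabled"))
    for key, value in props.items():
        if key.endswith(".password") and value.lower() in PLACEHOLDERS:
            findings.append(("WARN", f"{key} still uses a documentation placeholder"))
    # Only an explicitly set http.port is flagged; the page does not state its default.
    if http_port is not None and http_port >= 1:
        findings.append(("WARN", f"plain HTTP listener still enabled on port {http_port}"))
    return findings

# Constructed sample: the self-signed example's properties plus the HTTP listener.
SAMPLE = """\
http.port = 8181
https.port=443
https.keyStore.path=etc/keystore
https.keyStore.password=password
https.certAlias=tif
"""

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity}: {message}")
```

Pass the contents of the real properties file to audit() before starting TIF; an empty result means none of these checks fired.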
HTTP/HTTPS Client
TIF is also used as an HTTP/HTTPS client when you have integrations that communicate via HTTP.
There are some global settings you may need to adjust for this client; they are discussed in the sub-chapters below.
Proxy Configuration
To use proxy servers for outbound HTTP calls from TIF, configure them in ${TIF_HOME}/etc/tif.custom.properties.
There are two properties to use:
http.proxy
- Defines proxy server for plain HTTP calls.
https.proxy
- Defines proxy server for secure HTTP calls.