-
Notifications
You must be signed in to change notification settings - Fork 2
tls
restaf-server can be configured to support TLS.
This is accomplished by the following configurations
Make sure VIYA_SERVER is set as https://....
Also make sure that one of the redirects for your clientid is https://{APPHOST}/{APPNAME} (ex: https://localhost/viyademo)
Use https when specifying the APPHOST and APPORT as shown below.
APPHOST=https://mymachine
APPPORT=443You must specify one of the following sets
TLS_KEY=path-to-key
TLS_CERT=path-to-certTLS_PFX=../certs/sascert/sascert2.pfx
TLS_PW=rafdemo
Optionally you can also pass in a CA bundle
TLS_CABUNDLE=path-to-your-ca-bundleBefore you do that contact your IT to see if they have some standard process to obtain certificates.
You might find the following commands useful if you want to do it yourself.
openssl req -x509 -newkey rsa:2048 -keyout ./certs/key.tmp.pem -out ./certs/certificate.pem -days 365 -nodes -subj "/C=US/ST=NC/L=Cary/O=ORG/OU=DEPT/CN=localhost"
openssl rsa -in ./certs/key.tmp.pem -out ./certs/key.pem
Replace the values in the subj strign with values appropriate for your use case ex: /C=US/ST=NC/L=Cary/O=ACME/OU=MKT/CN=acme.apps.com
-
Securing Node.js apps with SSL/TLS - https://blog.usejournal.com/securing-node-js-apps-with-ssl-tls-b3570dbf84a5
-
OpenSSL Tutorial: How Do SSL Certificates, Private Keys, & CSRs Work? https://phoenixnap.com/kb/openssl-tutorial-ssl-certificates-private-keys-csrs
-
OpenSSL Quick Reference Guide https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm