HTTPS in REST

Description:

All settings described in this section are found in the file application.properties placed
inside the config directory, which can be found in the installation directory after the
installation is complete.

• If you intend to use the server with HTTP only, then leave the file application.properties as it is and do not make ANY modifications to it.

• If you intend to use the server with HTTPS, then you should uncomment ALL the properties in the file application.properties and assign appropriate values to them.

NB: The file application.properties contains extensive description on how to configure HTTPS and it can be used as a reference.

Format:

server.ssl.enabled={true|false}

Default:

true

Purpose:

Controls the kind of requests that the REST server accepts

• server.ssl.enabled=true - the server will accept only HTTPS requests
• server.ssl.enabled=false - the server will accept only HTTP requests

Example:

server.ssl.enabled=true

Format:

server.http.port={Valid free port number}

Default:

None, should be explicitly specified by the user

Purpose:

HTTPS always uses the port specified in server.port (if HTTPS is not enabled, then server.port is used by HTTP). When HTTPS is enabled and the user makes an HTTP request, the request is automatically redirected to HTTPS and the port that is used for HTTPS. Since HTTP and HTTPS cannot use the same port, a port for HTTP should be specified as well - this is achieved through server.http.port.

Example:

server.http.port=8282

The example above means that the server will listen for HTTP requests on port 8282. Once such a request is received, it will be forwarded to HTTPS on the port specified in server.port.

Format:

server.ssl.key-store={Path to the keystore file that contains the certificate}

NB: The path should be an URI and the way it is specified is platform-specific

• Possible ways of pointing to the same /etc/fstab file in UNIX:
  1. file://localhost/etc/fstab
  2. file:///etc/fstab
  3. file:/etc/fstab (KDE environment specific)
• Possible ways of pointing to the same c:\WINDOWS\clock.avi local file in Windows:
  1. file://localhost/c:/WINDOWS/clock.avi
  2. file:///c:/WINDOWS/clock.avi (URI as understood by the Windows Shell API)

Default:

None, should be explicitly specified by the user

Purpose:

Used for setting the path to the keystore file containing the certificate.

Example:

• Windows specific path example

server.ssl.key-store=file:///C:/Temp/keystore.p12

• UNIX specific path example

server.ssl.key-store=file:///temp/keystore.p12

Format:

server.ssl.key-store-password={Password of the keystore file}

NB: The password should be provided in plain-text format

Default:

None, should be explicitly specified by the user

Purpose:

Provides the password for the keystore

Example:

server.ssl.key-store-password=<enter_your_keystore_password>

Format:

server.ssl.keyStoreType={Type of keystore}

NB: Currently, only PKCS12 keystores are supported

Default:

PKCS12

Purpose:

Used for specifying the keystore type

Example:

server.ssl.keyStoreType=PKCS12

Format:

server.ssl.keyAlias={Alias mapped to the certificate}

Default:

None, should be explicitly specified by the user

Purpose:

Used for specifying the alias that identifies the key in the keystore

Example:

server.ssl.keyAlias=tomcat