Hello John,
Chris Phillips is coming from an APIC point of view and is aiming at the inbound TLS case (as I think you may have commented on his blog). HTTPSConnector settings only apply to inbound (the name is historical).
Just in case it helps, the settings are
BrokerRegistry:
# Used as default for inbound and outbound if no other settings are present
brokerKeystoreFile: '/home/tdolby/broker-keystore.jks'
ResourceManagers:
JVM:
# Used as default for inbound and outbound; overrides brokerKeystoreFile
keystoreFile: '/home/tdolby/jvm-keystore.jks'
HTTPSConnector:
# Specifies inbound keystore; overrides brokerKeystoreFile and JVM keystoreFile
KeystoreFile: '/home/tdolby/https-keystore.jks'
and there isn't an equivalent of HTTPSConnector KeystoreFile for outbound TLS.
To return to your original question: keeping the HTTPS outbound separate from the JVM setting isn't usually a problem, as the HTTPRequest node "SSL client authentication key alias" setting can be used to choose a specific key from the keystore. Inbound HTTPS can be kept separate by using the HTTPSConnector setting as shown.
Hope this makes sense!
------------------------------
Trevor Dolby
------------------------------
Original Message:
Sent: Thu October 06, 2022 05:48 AM
From: John Hawkins
Subject: HTTPSConnector:KeystoreFile not being picked up
Hi Folks,
we're using ACE 11.0.0.10. I'm trying to set up TLS for HTTPS request nodes.
I can set the JVM: keystoreFile property (lower case 'k') in server.conf.yaml. BUT, if I set HTTPSConnector:KeystoreFile (upper case 'K' !) it doesn't get used. I can see that it has been set - just not used.
Everything I read tells me it should get picked up and used. So, if I assume that a) the upper case 'K' is correct (I've tried it with both and neither work) then it looks like I'm forced into using the JVM Value. I would have preferred to keep the two separate - but not for any specific reason at this point, it just "feels" better that I have the flexibility.
Has anyone come across this issue before?
many thanks,
John.
------------------------------
John Hawkins
Integration Consultant
------------------------------