Login
Contents x
SSL Properties
  • 23 Nov 2022
  • Dark
    Light
  • PDF
Contents

SSL Properties

  • Updated on 23 Nov 2022
  • Dark
    Light
  • PDF
Article summary

Definition

All SSL/TLS properties are contained within the ssl object in the IAP Service Instance Configuration for the adapter. These tell the adapter libraries how to handle security related to the request.

Property Type Required Description
ecdhCurve string No -> "" In testing with Node.js 8 and Node.js 9 there is an issue sometimes where a PROTO error is returned when attempting to connect. This issue was fixed in later versions of Node, but to fix it in Node.js 8 and Node.js 9, set ecdhCurve to “auto” if you are seeing a similar issue.

Note: This is the only use of this property.
enabled boolean Yes Determines whether the external system has SSL enabled for requests.
accept_invalid_certs boolean Yes (if SSL enabled) Tells adapter whether it should accept (i.e., ignore) invalid certificates.

Note: Only set this to true in lab environments.
ca_file string Yes (if SSL enabled & not accepting invalid certs) The fully qualified path name to the ca_file used for SSL.
key_file string No The fully qualified path name to the key_file used for SSL.
cert_file string No The fully qualified path name to the certificate file used for SSL.
secure_protocol string No The secure protocol for the SSL handshake.
ciphers string Yes (if SSL enabled) The hyphenated list of acceptable ciphers.

Example Scenario

  • The system is secured with SSL. Thus, SSL needs to be enabled.
  • For lab environments, it is permissible to just enable SSL and then accept invalid certificates.
    • Note: This practice should only be used in labs.
  • For production, you will want to provide other information.
    • In this case, the CA file is in /root/mycafile.
    • The secure protocol will be SSL 3.0.
    • In this case, no ciphers are used.

IAP Service Instance Configuration Properties for the Adapter

"ssl": {
  "ecdhCurve": "",
  "enabled": true,
  "accept_invalid_cert": false,
  "ca_file": "/root/mycafile",
  "key_file": "",
  "cert_file": "",
  "secure_protocol": "SSLv3_method",
  "ciphers": ""
}
Was this article helpful?
What's Next
Privacy Policy
Cookie Policy
Terms of Use
EULA
Copyright © 2022 Itential for Developers
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout