Enable Security

To enable security, add the following to the server instance's configuration:

  • HTTPS port

  • Valid certificate stored in a PEM-formatted certificate chain

  • Valid private key stored in PEM format

The following configuration excerpt configures a server instance to accept secure connections on port 9920, use the certificate stored in ./x509/my-cert.pem, and use the unencrypted private key stored in ./x509/my-key.pem.

...
--https 9920
--x509-cert-chain ./x509/my-cert.pem
--x509-private-key ./x509/my-key.pem
...

The default security settings allow all clients to access all programs hosted by the server instance. The server instance does not authenticate the clients, nor does it perform any authorization. The default settings enable all security protocols and enable all cipher suites, save for eNULL.

In production settings that require greater security than that provided by an unencrypted private key, use an encrypted private key. Store the passphrase for decrypting the private key in a file with owner-read-only access, and use the --x509-passphrase property to give the server instance the path to that file.

...
--https 9920
--x509-cert-chain ./x509/my-cert.pem
--x509-private-key ./x509/my-key.pem
--x509-passphrase ./x509/my-passphrase
...
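
A pre-deployment check for the excerpts above, written as an added example and not part of the product: it reads the four options shown, reports an unencrypted private key as a finding (per the production guidance), and verifies that the passphrase file has owner-read-only access. It assumes POSIX file permissions and that relative paths resolve against a base directory you pass in; the function names and the placeholder files built by `demo` are constructed for illustration.

```python
import os
import stat
import tempfile

# Option names as they appear in the excerpts above; the first three are required.
OPTIONS = ("--https", "--x509-cert-chain", "--x509-private-key", "--x509-passphrase")

def parse_options(text):
    """Collect the TLS options from a configuration excerpt, skipping other lines."""
    pairs = (line.split(None, 1) for line in text.splitlines())
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2 and p[0] in OPTIONS}

def key_is_encrypted(pem):
    """True for PKCS#8 encrypted keys and for legacy encrypted PEM keys."""
    return "BEGIN ENCRYPTED PRIVATE KEY" in pem or "Proc-Type: 4,ENCRYPTED" in pem

def audit(config_text, base_dir):
    """Return findings for the excerpt; an empty list means every check passed."""
    opts = parse_options(config_text)
    findings = [f"missing {name}" for name in OPTIONS[:3] if name not in opts]
    has_passphrase = "--x509-passphrase" in opts
    if "--x509-private-key" in opts:
        with open(os.path.join(base_dir, opts["--x509-private-key"])) as fh:
            encrypted = key_is_encrypted(fh.read())
        if not encrypted:
            findings.append("private key is stored unencrypted")
        elif not has_passphrase:
            findings.append("encrypted private key without --x509-passphrase")
    if has_passphrase:
        path = os.path.join(base_dir, opts["--x509-passphrase"])
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode != 0o400:
            findings.append(f"passphrase file mode is {mode:03o}, expected 400")
    return findings

def demo(key_header, passphrase_mode):
    """Audit a constructed ./x509 directory (placeholder files, no real key material)."""
    config = ("--https 9920\n--x509-cert-chain ./x509/my-cert.pem\n"
              "--x509-private-key ./x509/my-key.pem\n--x509-passphrase ./x509/my-passphrase\n")
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "x509"))
        with open(os.path.join(base, "x509", "my-key.pem"), "w") as fh:
            fh.write(f"-----{key_header}-----\nCONSTRUCTED\n")
        secret = os.path.join(base, "x509", "my-passphrase")
        with open(secret, "w") as fh:
            fh.write("constructed-passphrase\n")
        os.chmod(secret, passphrase_mode)
        return audit(config, base)
```

Run `audit` against the real configuration text and its directory before starting the server instance; `chmod 400` on the passphrase file clears the permission finding.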