To enable security, add the following to the server instance's configuration:
HTTPS port
Valid certificate stored in a PEM formatted certificate chain
Valid private key stored in PEM format
The following configuration excerpt configures a server instance to accept secure connections on port 9920, use the certificate stored in ./x509/my-cert.pem, and use the unencrypted private key stored in ./x509/my-key.pem.
... --https 9920 --x509-cert-chain ./x509/my-cert.pem --x509-private-key ./x509/my-key.pem ...
The default security settings allow all clients to access all programs hosted by the server instance. The server instance does not authenticate the clients, nor does it perform any authorization. The default settings enable all security protocols and enable all cipher suites, save for eNULL.
In production settings that require greater security than that provided by an unencrypted private key, use an encrypted private key. You specify the passphrase for decrypting the private key in a file with owner-read-only access, and use the --x509-passphrase property to tell the server instance about it.
... --https 9920 --x509-cert-chain ./x509/my-cert.pem --x509-private-key ./x509/my-key.pem --x509-passphrase ./x509/my-passphrase ...
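A pre-flight check for the production setup described above, as an added example that is not part of the product or its documentation: it confirms that the private key file is an encrypted PEM key and that the passphrase file is owner-read-only (mode 400). The function names and the script name check.sh are illustrative assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the files named by
# --x509-private-key and --x509-passphrase. Function names are illustrative.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the PEM file holds an encrypted private key:
# PKCS#8 uses the "ENCRYPTED PRIVATE KEY" label, traditional PEM keys
# carry a "Proc-Type: 4,ENCRYPTED" header.
key_is_encrypted() {
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 when the key is encrypted and the passphrase file is mode 400.
# Return 3: key not encrypted, 2: passphrase file missing, 1: mode too open.
check_tls_key_setup() {
    key=$1
    passfile=${2:-}
    if ! key_is_encrypted "$key"; then
        echo "FAIL: $key is not an encrypted PEM private key" >&2
        return 3
    fi
    if [ -z "$passfile" ] || [ ! -f "$passfile" ]; then
        echo "FAIL: encrypted key needs a passphrase file" >&2
        return 2
    fi
    mode=$(file_mode "$passfile") || return 1
    if [ "$mode" != "400" ]; then
        echo "FAIL: $passfile has mode $mode, expected 400 (owner read only)" >&2
        return 1
    fi
    echo "OK: encrypted key, owner-read-only passphrase file"
}

# Stand-alone use: sh check.sh ./x509/my-key.pem ./x509/my-passphrase
if [ "$#" -eq 2 ]; then
    check_tls_key_setup "$1" "$2"
fi
```

Run it before starting the server instance; a non-zero exit status identifies which of the three conditions failed.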