...
Copy the certificate file into
[service-manager]\certificates
.Find the yuuvis® RAD gateway configuration section in the
[service-manager]\config\servicewatcher-sw.yml
file (search for "gateway
"), and change the port from 80 to 443.Add the following lines to the
[service-manager]\config\gateway-prod.yml
file.Code Block server.ssl.key-store: '../../certificates/ca.p12' server.ssl.key-store-password: 'optimal' server.ssl.key-store-type: 'PKCS12' server.ssl.key-alias: '1' server.ssl.key-password: 'optimal' server.ssl.enabled-protocols: 'TLSv1.2,TLSv1.3' eureka.instance: prefer-ip-address: false non-secure-port-enabled: false secure-port-enabled: true secure-port: ${server.port} statusPageUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/manage/info healthCheckUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/manage/health secureHealthCheckUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/manage/health homePageUrl: https://${eureka.instance.hostname}:${eureka.instance.secure-port}/ hostname: <hostname/dns-name>
Modify the settings to match those of the certificate you installed:
If the certificate is issued to a DNS alias of the server, then the gateway needs to bind against this alias as well and publish URLs that can be called by other services with this alias address. This includes theeureka.instance.hostname
URL shown above. The same applies if your certificate is issued to thehostname
of the server. In this case, the gateway needs to bind to thehostname
. As a consequence, theeureka.instance.preferIpAddress
parameter needs to be added and set to false.
If desired, the passwords can be saved encrypted. To do so, execute "<service-manager>\tools\encode.bat <plaintext_password>" (omit the < >) in a command prompt (cmd.exe) and copy the return value (including the ENC( )) to the configuration file (replacing the plaintext password).
If a custom context-path is configured, the line 'secure-port: ${server.port}' needs to be changed to 'secure-port: ${management.server.port}'Restart the yuuvis® RAD service-manager service.
...