This repository was archived by the owner on May 22, 2025. It is now read-only.
conf.yml
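---
# Service configuration: a mutually-authenticated HTTPS application listener,
# a separate admin listener, console logging, and application-level
# authorization settings. The connector keys appear to follow Dropwizard's
# connector schema.
server:
  applicationConnectors:
    - type: https
      port: 8443
      # Key store settings
      # NOTE(review): the store passwords in this file are committed in plain
      # text. The value "notsecret" suggests demo material; a real deployment
      # should inject passwords at deploy time (environment or secret store)
      # and use key/trust stores generated for that deployment rather than
      # the ones bundled on the classpath.
      keyStorePath: classpath:tls/keystore.jks
      keyStorePassword: "notsecret"
      # Trust store settings
      trustStorePath: classpath:tls/truststore.jks
      trustStorePassword: "notsecret"
      # Whether or not CRL Distribution Points (CRLDP) support is enabled
      enableCRLDP: true
      # Whether or not Online Certificate Status Protocol (OCSP) support is enabled
      enableOCSP: true
      # Fail fast at startup if the certificates are invalid
      validateCerts: true
      # Whether or not to require authentication by peer certificate
      # (mutual TLS: the client must present a certificate).
      needClientAuth: true
      # Check peer certificates for validity when establishing a connection
      validatePeers: true
      # The list of supported SSL/TLS protocols. You may need to modify
      # this section to support clients that you have.
      # Only TLS 1.2 with a single ECDHE-RSA / AES-256-GCM suite is offered,
      # so a client that cannot negotiate exactly this pair cannot connect.
      # TLS 1.3 is not enabled here.
      supportedProtocols: ["TLSv1.2"]
      supportedCipherSuites: ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
      allowRenegotiation: false
  # NOTE(review): the admin listener is plain HTTP and carries none of the
  # TLS or client-certificate settings above, so port 8444 is unprotected by
  # this file. Keep it on loopback or a management network (for example via
  # the connector's bindHost setting) or restrict it with a firewall.
  adminConnectors:
    - type: http
      port: 8444

logging:
  level: INFO
  appenders:
    - type: console

# Application-specific settings.
# NOTE(review): the nesting of this section is reconstructed from the key
# names; confirm it against the service's configuration class.
security:
  tlsAuthZ:
    # Regex applied to the client certificate's distinguished name; after
    # YAML unescaping it is ^.*\bCN=Homepage Service\b(?:,.*|\s*)$
    # NOTE(review): the leading ".*" lets "CN=Homepage Service" match
    # anywhere in the DN string, not only as the subject's CN attribute.
    # The check is therefore only as strong as the CA behind the trust
    # store: it must never issue this text, in any attribute, to another
    # party. Comparing the parsed CN would be stricter than a regex over
    # the rendered DN.
    allowedClientDnRegex: "^.*\\bCN=Homepage Service\\b(?:,.*|\\s*)$"
  jwtVerification:
    # Anchored at the start of the DN, unlike allowedClientDnRegex above;
    # presumably matched against the JWT signer's certificate - confirm.
    allowedSignerDnRegex: "^CN=Homepage Service(,.*|\\s*)$"
    truststoreResourcePath: "jwt/truststore.jks"
    # Plain-text passphrase; see the note on the store passwords above.
    truststorePassphrase: "notsecret"
    # Presumably the trust store entries accepted as anchors for the signer
    # chain - verify against the consuming code.
    truststoreAliases:
      - "root"

data:
  namesResource: users/names.txt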