Hi everyone,
I'm creating a module that creates a service and binds to a configurable port (similar to the MQTT distributor module that enables an MQTT service). I want to allow customers to enable SSL/TLS if they want. I would like to reuse the TLS certificate being used by the webserver if possible. So my questions are:
- Is there a way to programmatically check if SSL/TLS has been enabled on the gateway?
- If yes, how can I programmatically access the key and certificate?
Any info or guidance is appreciated! Thank you in advance!
I don't see any public API to support this, but you could certainly access the KeyStore file yourself.
Use these functions to determine the alias and passwords:
```java
import java.util.Optional;

// Alias of the key entry; the property is only set for a non-default alias.
public static Optional<String> getSslKeyStoreAlias() {
    String alias = System.getProperty("ignition.ssl.keystore.alias", "ignition");
    return Optional.of(alias);
}

// Password that opens the KeyStore file itself.
public static Optional<String> getSslKeyStorePassword() {
    String password = System.getProperty("ignition.ssl.keystore.password", "ignition");
    return Optional.of(password);
}

// Password of the private key entry; falls back to the KeyStore password.
public static Optional<String> getSslPrivateKeyPassword() {
    String password = System.getProperty("ignition.ssl.privatekey.password");
    return Optional.ofNullable(password).or(() -> getSslKeyStorePassword());
}
```
The KeyStore file is at $IGNITION/webserver/ssl.pfx. If it doesn't exist I would assume SSL/TLS is not enabled.
2 Likes
This is working perfectly. Thank you! And just so I'm 100% clear, I'll use getSslKeyStorePassword to load the keystore and getSslPrivateKeyPassword when I go to get the private key from the keystore? I'm guessing ignition.ssl.privatekey.password will be set if the customer loads a private key that requires a password?
The private key entry always has a password, but it might be different than the KeyStore password, in which case this system property will be set.
All of these system properties are only set if non-default alias and/or passwords are being used.
1 Like
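The two-password flow discussed in this thread, as an added example that is not code from either poster or from the Ignition code base: the KeyStore password opens the file, the private key password unlocks the entry, and only that entry is handed to the module's TLS listener. Assumptions: `ignitionHome` is a hypothetical parameter holding the install directory, the class name is made up, and the file is treated as PKCS12 based on its `.pfx` extension.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public final class GatewayTlsReuse {
    // Same property names and defaults as the functions in the answer above.
    static String alias() { return System.getProperty("ignition.ssl.keystore.alias", "ignition"); }
    static char[] storePassword() {
        return System.getProperty("ignition.ssl.keystore.password", "ignition").toCharArray();
    }
    static char[] keyPassword() {
        String p = System.getProperty("ignition.ssl.privatekey.password");
        return p != null ? p.toCharArray() : storePassword();
    }

    // ignitionHome (hypothetical parameter) is the Ignition install directory.
    // Empty result: webserver/ssl.pfx is absent, treated as "TLS not enabled".
    public static Optional<SSLContext> load(Path ignitionHome)
            throws IOException, GeneralSecurityException {
        Path pfx = ignitionHome.resolve("webserver").resolve("ssl.pfx");
        if (!Files.isRegularFile(pfx)) return Optional.empty();

        KeyStore source = KeyStore.getInstance("PKCS12"); // assumed from the .pfx extension
        try (InputStream in = Files.newInputStream(pfx)) {
            source.load(in, storePassword()); // KeyStore password opens the file
        }
        // The entry password unlocks the private key and its certificate chain.
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(keyPassword());
        KeyStore.Entry entry = source.getEntry(alias(), prot);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new KeyStoreException("no private key entry for alias " + alias());
        }
        // Copy only that entry into an in-memory store so no other entry is served.
        KeyStore single = KeyStore.getInstance("PKCS12");
        single.load(null, null);
        single.setEntry(alias(), entry, prot);
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(single, keyPassword());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return Optional.of(ctx);
    }
}
```

The returned context holds the key material as it was when `load` ran, so a certificate renewed on the gateway is only picked up when the module calls `load` again. Keep the passwords and the key out of module logs and exception messages.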