Configure Mutual TLS
To configure the Logic Service for mutual TLS:
In the config.json file, locate the section httpServer -> dataExchange.
Update sslBundleFilePath with the file path to the peek_bundle.pem file.
Update sslMutualTLSCertificateAuthorityBundleFilePath with the file path to the peek_mtls_ca_bundle.pem file.
Update sslMutualTLSTrustedPeerCertificateBundleFilePath with the file path to the peek_mtls_trusted_peer_bundle.pem file.
Update sslEnableMutualTLS to true.
Update useSsl to true.
"httpServer": {
    ...
    ...
    ...
    "dataExchange": {
        "sitePort": 8011,
        "sslBundleFilePath": "/tmp/self-signed/peek_bundle.pem",
        "sslEnableMutualTLS": true,
        "sslMutualTLSCertificateAuthorityBundleFilePath": "/tmp/self-signed/peek_mtls_ca_bundle.pem",
        "sslMutualTLSTrustedPeerCertificateBundleFilePath": "/tmp/self-signed/peek_mtls_trusted_peer_bundle.pem",
        "useSsl": true
    }
}
To configure mutual TLS on the Peek Services, update the Peek
Agent, Field, Office, and Worker services .json files with the
following:
In the configuration file, locate the dataExchange section.
Update host with the domain name of Peek Logic, which matches the pattern *.peek.local.
TODO: Ensure the DNS service on the current mutual TLS client resolves the domain name in host to the IP of the Peek Logic server.
Update sslClientBundleFilePath with the file path to the peek_bundle.pem file.
Update sslClientMutualTLSCertificateAuthorityBundleFilePath with the file path to the peek_mtls_ca_bundle.pem file.
Update sslMutualTLSTrustedPeerCertificateBundleFilePath with the file path to the peek_mtls_trusted_peer_bundle.pem file.
Update sslEnableMutualTLS to true.
Update useSsl to true.
"dataExchange": {
    "host": "[hostname]",
    "httpPort": 8011,
    "sslClientBundleFilePath": "[full path to peek_bundle.pem]",
    "sslClientMutualTLSCertificateAuthorityBundleFilePath": "[full path to peek_mtls_ca_bundle.pem]",
    "sslEnableMutualTLS": true,
    "sslMutualTLSTrustedPeerCertificateBundleFilePath": "[full path to peek_mtls_trusted_peer_bundle.pem]",
    "useSsl": true
},
Restart the Peek Services.
p_restart_all.sh
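A sanity check for the dataExchange sections configured above, worth running before the restart. This is an added example, not part of Peek: the key names come from this page, while the function name, the checks themselves, and the sample paths under /opt/peek-certs are assumptions. Loading the .json file and selecting the dataExchange section is left to the caller.

```python
import fnmatch
import os

# Key names come from the page; the checks are an added sanity lint,
# not Peek's own validation logic.
SERVER_PATHS = ("sslBundleFilePath",
                "sslMutualTLSCertificateAuthorityBundleFilePath",
                "sslMutualTLSTrustedPeerCertificateBundleFilePath")
CLIENT_PATHS = ("sslClientBundleFilePath",
                "sslClientMutualTLSCertificateAuthorityBundleFilePath",
                "sslMutualTLSTrustedPeerCertificateBundleFilePath")


def lint_data_exchange(section, role, file_exists=os.path.isfile):
    """List problems in one dataExchange section; role is "server" or "client"."""
    problems = []
    # The steps on this page set both switches to true.
    for flag in ("useSsl", "sslEnableMutualTLS"):
        if section.get(flag) is not True:
            problems.append(f"{flag} must be true, found {section.get(flag)!r}")
    for key in SERVER_PATHS if role == "server" else CLIENT_PATHS:
        path = section.get(key)
        if not path:
            problems.append(f"{key} is not set")
        elif not os.path.isabs(path):
            problems.append(f"{key} is not a full path: {path}")
        elif not file_exists(path):
            problems.append(f"{key} file not found: {path}")
    if role == "client":
        # The page requires a domain name matching *.peek.local.
        host = str(section.get("host", "")).lower()
        if not fnmatch.fnmatchcase(host, "*.peek.local"):
            problems.append(f"host {host!r} does not match *.peek.local")
    return problems


# Constructed sample: a client section with useSsl left at false and one relative path.
SAMPLE_CLIENT = {
    "host": "logic.peek.local", "httpPort": 8011,
    "sslClientBundleFilePath": "/opt/peek-certs/peek_bundle.pem",
    "sslClientMutualTLSCertificateAuthorityBundleFilePath": "/opt/peek-certs/peek_mtls_ca_bundle.pem",
    "sslEnableMutualTLS": True,
    "sslMutualTLSTrustedPeerCertificateBundleFilePath": "peek_mtls_trusted_peer_bundle.pem",
    "useSsl": False,
}

if __name__ == "__main__":
    for problem in lint_data_exchange(SAMPLE_CLIENT, "client", lambda p: True):
        print(problem)
```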