Configure Mutual TLS¶
To configure the Logic Service for mutual TLS:
In the config.json file, locate the section httpServer-> dataExchange.
Update
sslBundleFilePath
with the file path to thepeek_bundle.pem
file.Update
sslMutualTLSCertificateAuthorityBundleFilePath
with the file path to thepeek_mtls_ca_bundle.pem
file.Update
sslMutualTLSTrustedPeerCertificateBundleFilePath
with the file path to thepeek_mtls_trusted_peer_bundle.pem
file.Update
sslEnableMutualTLS
totrue
Update
useSsl
totrue
"httpServer": {
...
...
...
"dataExchange": {
"sitePort": 8011,
"sslBundleFilePath": "/tmp/self-signed/peek_bundle.pem",
"sslEnableMutualTLS": true,
"sslMutualTLSCertificateAuthorityBundleFilePath": "/tmp/self-signed/peek_mtls_ca_bundle.pem",
"sslMutualTLSTrustedPeerCertificateBundleFilePath": "/tmp/self-signed/peek_mtls_trusted_peer_bundle.pem",
"useSsl": true
}
}
Configure the Mutual TLS on the Peek Services, update the Peek
Agent, Field, Office, and Worker services .json
files with the
following:
In the configuration file, locate the
dataExchange
section.Update
host
with the domain name of Peek Logic which matches pattern *.peek.local TODOEnsure the DNS service on current mutual TLS client resolves the domain name in host to the IP of Peek Logic server.
Update
sslClientBundleFilePath
with the file path to thepeek_bundle.pem
file.Update
sslClientMutualTLSCertificateAuthorityBundleFilePath
with the file path to thepeek_mtls_ca_bundle.pem
file.Update
sslMutualTLSTrustedPeerCertificateBundleFilePath
with the file path to thepeek_mtls_trusted_peer_bundle.pem
file.Update
sslEnableMutualTLS
totrue
.Update
useSsl
totrue
"dataExchange": {
"host": "[hostname]",
"httpPort": 8011,
"sslClientBundleFilePath": "[full path to peek_bundle.pem]",
"sslClientMutualTLSCertificateAuthorityBundleFilePath":"[full path to peek_mtls_ca_bundle.pem]",
"sslEnableMutualTLS": true,
"sslMutualTLSTrustedPeerCertificateBundleFilePath": "[peek_mtls_trusted_peer_bundle.pem]",
"useSsl": false
},
Restart the Peek Services.
p_restart.sh