WebServer TLS configuration

Configure TLS either programmatically or through the Helidon configuration framework.

Configuring TLS in your code

To configure TLS in WebServer programmatically, create your keystore configuration and pass it to the WebServer builder.

KeyConfig keyConfig = KeyConfig.keystoreBuilder()
                //Whether this keystore is also trust store
                .trustStore()
                //Keystore location/name
                .keystore(Resource.create("keystore.p12"))
                //Password to the keystore
                .keystorePassphrase("password")
                .build();

WebServer.builder()
         .tls(WebServerTls.builder()
               .trust(keyConfig)
               .privateKey(keyConfig)
               .build())
         .build();

Configuring TLS in the config file

It is also possible to configure TLS via the config file.

WebServer TLS configuration file application.yaml
server:
  tls:
    #Truststore setup
    trust:
      keystore:
        passphrase: "password"
        trust-store: true
        resource:
          resource-path: "keystore.p12"
    #Keystore with private key and server certificate
    private-key:
      keystore:
        passphrase: "password"
        resource:
          resource-path: "keystore.p12"

Then, in your application code, load the configuration from that file.

WebServer initialization using the application.yaml file located on the classpath
Config config = Config.create();
//routing is the application's Routing instance, built elsewhere
WebServer webServer = WebServer.create(routing, config.get("server"));

Alternatively, you can create only the WebServerTls instance from the config file.

WebServerTls instance based on application.yaml file located on the classpath
Config config = Config.create();
WebServerTls.builder()
    .config(config.get("server.tls"))
    .build();

This can alternatively be configured with paths to PKCS#8 PEM files rather than KeyStores:

WebServer TLS configuration file application.yaml
server:
  tls:
    #Truststore setup
    trust:
      pem:
        certificates:
          resource:
            resource-path: "ca-bundle.pem"
    private-key:
      pem:
        key:
          resource:
            resource-path: "key.pem"
        cert-chain:
          resource:
            resource-path: "chain.pem"

Configuration options

See all configuration options here.

Available server certificate configuration options:

| Configuration key | Default value | Java type | Description |
|---|---|---|---|
| client-auth | NONE | Enum | See here for all possible values. Whether to require client certificate authentication |
| protocols | | String | TLS protocols to enable with the server socket |
| session-cache-size | | int | The size of the cache used for storing SSL session objects |
| session-timeout-seconds | | int | The timeout for the cached SSL session objects, in seconds |
| private-key | | Object | Keystore configuration, please follow the example above |
| trust | | Object | Keystore configuration, please follow the example above |
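
The client-auth and protocols options from the table can also be set on the builder. The following is an added example, not taken from the Helidon documentation: it requires client certificates, restricts the enabled protocol versions, keeps the server key and the client trust anchors in separate keystores, and reads the passphrases from the environment. The file names and environment variable names are assumptions, and clientAuth, enabledProtocols, ClientAuthentication and the import paths do not appear on this page, so check them against the Helidon version in use.

```java
import java.util.Objects;

import io.helidon.common.configurable.Resource;
import io.helidon.common.pki.KeyConfig;
import io.helidon.webserver.ClientAuthentication;
import io.helidon.webserver.WebServer;
import io.helidon.webserver.WebServerTls;

public final class MutualTlsServer {
    // Hypothetical environment variable names; passphrases stay out of source and YAML.
    private static String secret(String name) {
        return Objects.requireNonNull(System.getenv(name), name + " is not set");
    }

    static WebServerTls tls() {
        // Server identity: private key and certificate chain only.
        KeyConfig serverKey = KeyConfig.keystoreBuilder()
                .keystore(Resource.create("server.p12"))       // assumed file name
                .keystorePassphrase(secret("SERVER_KEYSTORE_PASS"))
                .build();

        // Trust anchors for client certificates: CA certificates only, no private keys.
        KeyConfig clientCas = KeyConfig.keystoreBuilder()
                .trustStore()
                .keystore(Resource.create("client-ca.p12"))    // assumed file name
                .keystorePassphrase(secret("CLIENT_CA_PASS"))
                .build();

        return WebServerTls.builder()
                .privateKey(serverKey)
                .trust(clientCas)
                // client-auth option: reject handshakes without a client certificate
                .clientAuth(ClientAuthentication.REQUIRE)
                // protocols option: enable only these versions on the server socket
                .enabledProtocols("TLSv1.3", "TLSv1.2")
                .build();
    }

    public static void main(String[] args) {
        WebServer server = WebServer.builder()
                .tls(tls())
                .build();
        server.start();
    }
}
```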