|
It is strongly recommended that you configure SSL/TLS for communication between the eMessage Connector and the GAS. The options to set for SSL/TLS are described in the following table.
|
Property
|
Default Value
|
Description
|
---|---|---|
session-startup-timeout
|
120 seconds (2 minutes)
|
Defines the timeout for the start of a remote session, in seconds. This timeout is the number of seconds before a session that has not started is closed. The timeout must be greater than the asset Ping rate.
|
gas.http-client.connect-timeout
|
600000
|
The number of milliseconds before the connection to the GAS times out. The Connector drops the connection.
|
gas.http-client.request-timeout
|
100000
|
The number of milliseconds before a request to the GAS times out.
|
gas.http-client.ssl.enabled
|
false
|
Whether SSL/TLS is enabled for the connection between the Connector and the GAS.
|
gas.http-client.ssl.verify-host
|
false
|
Whether to verify the hostname used to connect to the GAS against the hostname presented in the server certificate.
|
gas.http-client.ssl.trust-all-certificates
|
false
|
Whether all server certificates should be trusted.
|
gas.http-client.ssl.trust-store.file
|
The name of the trust store file, in .jks format. If trust-all-certificates is false, then a client trust store must be configured and should contain the certificates of the server that the cliewnt trusts.
|
|
gas.http-client.trust-store.password
|
The password for the trust store.
|
|
gas.http-client.ssl.key-store.file
|
The name of the key-store file (.jks format). If GAS requires client authentication, the client must present its own certificate to the server when connecting.
|
|
gas.http-client.key-store.password
|
The password for the key-store file.
|
|
gas.http-client.ssl.additional-cipher-suites
|
By default the TLS configuration will use the cipher suites of the JVM.
|
The list of additional cipher suites to enable for the TLS configuration. For example:
additional-cipher-suites = [ "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256" ] |
gas.http-client.ssl.certificate-revocation-list-files
|
The list of files that specify the X.509 certificate revocation list. Trust can be configured to use a certificate revocation list (CRL) for revoked certificates that should no longer be trusted. For example:
certificate-revocation-list-files = [ "/some/path/to/crl.pem" ] |