Chapter 11. Configuring Smart Router for TLS support

You can configure Smart Router (KIE Server Router) for Transport Layer Security (TLS) support to allow HTTPS traffic. In addition, you can disable unsecure HTTP connections to Smart Router.

Prerequisites

Procedure

To start Smart Router, use one of the following methods:

  • To start Smart Router with TLS support and HTTPS enabled as well as allowing HTTP connections, enter the following command:

    java  -Dorg.kie.server.router.tls.keystore=<KEYSTORE_PATH> \
          -Dorg.kie.server.router.tls.keystore.password=<KEYSTORE_PASSWORD> \
          -Dorg.kie.server.router.tls.keystore.keyalias=<KEYSTORE_ALIAS> \
          -Dorg.kie.server.router.tls.port=<HTTPS_PORT> \
          -jar rhpam-7.11.0-smart-router.jar

    In this example, replace the following variables:

      • <KEYSTORE_PATH>: The path where the keystore will be stored.
      • <KEYSTORE_PASSWORD>: The keystore password.
      • <KEYSTORE_ALIAS>: The alias name used to store the certificate.
      • <HTTPS_PORT>: The HTTPS port. The default HTTPS port is 9443.

  • To start Smart Router with TLS support and HTTPS enabled and with HTTP connections disabled, enter the following command:

    java  -Dorg.kie.server.router.tls.keystore=<KEYSTORE_PATH> \
          -Dorg.kie.server.router.tls.keystore.password=<KEYSTORE_PASSWORD> \
          -Dorg.kie.server.router.tls.keystore.keyalias=<KEYSTORE_ALIAS> \
          -Dorg.kie.server.router.tls.port=<HTTPS_PORT> \
          -Dorg.kie.server.router.port=0 \
          -jar rhpam-7.11.0-smart-router.jar

    When the org.kie.server.router.port system property is set to 0, then the HTTP listener is not registered. If TLS is configured and the HTTP listener is not registered, then Smart Router listens only on the HTTPS port.

    Note

    If TLS is not configured and you disable HTTP by setting org.kie.server.router.port to 0, then an error occurs and Smart Router stops.
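
The following preflight check is an added example, not part of the product documentation or of Smart Router itself. It classifies which listeners a given set of JVM options would produce, including the failure case described in the note above. The function name router_listener_mode, its exit codes, and the rule that TLS counts as configured only when keystore, password, and key alias are all set are assumptions of this example.

```shell
#!/bin/sh
# Added example, not product code. Pass the same -D options you intend to give
# to java; prints https+http, https-only or http-only, or fails with a reason.
# Assumption: TLS is "configured" only when keystore, password and alias are all set.
router_listener_mode() {
    rl_ks="" rl_pw="" rl_alias="" rl_http=""
    for rl_arg in "$@"; do
        case "$rl_arg" in
            -Dorg.kie.server.router.tls.keystore=*)          rl_ks=${rl_arg#*=} ;;
            -Dorg.kie.server.router.tls.keystore.password=*) rl_pw=${rl_arg#*=} ;;
            -Dorg.kie.server.router.tls.keystore.keyalias=*) rl_alias=${rl_arg#*=} ;;
            -Dorg.kie.server.router.port=*)                  rl_http=${rl_arg#*=} ;;
            -Dorg.kie.server.router.*=*) ;;  # other router properties, e.g. tls.port
            =|-Dorg.kie.server.router.*)
                # A bare "=" or a property with no "=" means the option was
                # written as "-Dname = value"; java would not see it as a property.
                echo "ERROR: '$rl_arg' is split from its value; use -Dname=value" >&2
                return 2 ;;
        esac
    done

    if [ -n "$rl_ks" ] && [ -n "$rl_pw" ] && [ -n "$rl_alias" ]; then
        if [ ! -r "$rl_ks" ]; then
            echo "ERROR: keystore '$rl_ks' is not readable" >&2
            return 3
        fi
        rl_tls=yes
    elif [ -n "$rl_ks$rl_pw$rl_alias" ]; then
        echo "ERROR: incomplete TLS settings (keystore, password, keyalias)" >&2
        return 4
    else
        rl_tls=no
    fi

    case "$rl_tls:$rl_http" in
        yes:0) echo "https-only" ;;
        yes:*) echo "https+http" ;;
        no:0)  # The case from the note: HTTP disabled while TLS is not configured.
               echo "ERROR: HTTP disabled without TLS; Smart Router would stop" >&2
               return 5 ;;
        no:*)  echo "http-only" ;;
    esac
}
```

A result of https+http means the unencrypted listener is still reachable, so restrict it at the firewall or add -Dorg.kie.server.router.port=0 if only HTTPS clients are expected.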