Support https calls to external services
The Security Proxy calls external services, e.g. the request mapper. To support https calls to them, configure the trusted certificates via the following properties.
The first two properties are responsible for keeping information about trusted certificates:
- SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE points to the location of the certificate file in PEM format.
- SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH informs the Security Proxy how deep in the certificate chain verification should be done.
The third property can be set optionally:
- SECURITY_PROXY_NGINX_DNS contains the DNS server, by default set to 8.8.8.8.
The following table presents all the properties mentioned above:
Property | Required | Default | Description |
---|---|---|---|
SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE | yes | /etc/pki/tls/certs/ca-bundle.crt | Specifies a file path with trusted CA certificates in the PEM format used to verify the certificate of the SSL/TLS server. |
SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH | yes | 3 | Sets the verification depth in the server certificates chain. |
SECURITY_PROXY_NGINX_DNS | no | 8.8.8.8 | DNS address (resolver) used by nginx to resolve DNS names. |
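
A preflight check for the three properties above, as an added example that is not part of the Security Proxy documentation or code. It assumes the properties are exported as environment variables, falls back to the defaults from the table, and checks only the PEM structure of the file, not certificate validity; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check of the three documented properties.
# Assumption: the properties are exported as environment variables.
# Usage: check_proxy_tls_settings || exit 1

# Count complete PEM certificate blocks in a file (structural check only).
count_pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inblk = 1; next }
         /^-----END CERTIFICATE-----/   { if (inblk) n++; inblk = 0 }
         END { print n + 0 }' "$1"
}

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0..255.
# This example checks only the IPv4 form used by the documented default.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print one line per problem; the return code is the number of problems.
check_proxy_tls_settings() {
    ca="${SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE:-/etc/pki/tls/certs/ca-bundle.crt}"
    depth="${SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH:-3}"
    dns="${SECURITY_PROXY_NGINX_DNS:-8.8.8.8}"
    problems=0

    if [ ! -r "$ca" ]; then
        echo "trusted certificate file not readable: $ca"
        problems=$((problems + 1))
    elif [ "$(count_pem_certs "$ca")" -eq 0 ]; then
        echo "no PEM certificate found in: $ca"
        problems=$((problems + 1))
    fi
    case "$depth" in
        ''|*[!0-9]*)
            echo "verify depth is not a non-negative integer: $depth"
            problems=$((problems + 1)) ;;
    esac
    if ! is_ipv4 "$dns"; then
        echo "DNS resolver is not an IPv4 address: $dns"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```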