JSON API connect to Ledger API via HTTPS

Hi,

I want to run my JSON API service on top of an HTTPS Ledger API. What is the correct way to set it up? My understanding is that cert-chain-file and private-key-file in the JSON configuration are for mutual TLS. Can I ignore them and only provide trust-collection-file? Thanks.

  ledger-api {
    address = "127.0.0.1"
    port = 6865
    tls {
        enabled = "true"
        // the certificate to be used by the server
        cert-chain-file = "cert-chain.crt"
        // private key of the server
        private-key-file = "pvt-key.pem"
        // trust collection, which means that all client certificates will be verified using the trusted
        // certificates in this store. if omitted, the JVM default trust store is used.
        trust-collection-file = "root-ca.crt"
    }
  }

If you don’t use mutual TLS for client authentication, you only need to specify --cacrt or --tls, depending on whether you use a custom self-signed root certificate or not.

Hello Bernhard

Can you provide an example?

Where can I set up --tls or --cacrt in the following code section? Make sure the JSON node will connect to the ALB via TLS.

  ledger-api {
    address = "127.0.0.1"
    port = 6865
    tls {
        enabled = "true"
        // the certificate to be used by the server
        cert-chain-file = "cert-chain.crt"
        // private key of the server
        private-key-file = "pvt-key.pem"
        // trust collection, which means that all client certificates will be verified using the trusted
        // certificates in this store. if omitted, the JVM default trust store is used.
        trust-collection-file = "root-ca.crt"
    }
  }

Thanks

Hi @su27km

--tls and --cacert are the command line options that correspond to ledger-api.tls.enabled and ledger-api.tls.trust-collection-file in the configuration file

Kind Regards,
Mate

Thanks Mate

From the above sample, we can see we already provided

        enabled = "true"
        trust-collection-file = "root-ca.crt"

So, the JSON node will communicate with the ALB via TLS?

Am I right?

Thanks

You need to start the JSON API Server with the command line flag --cacrt=root-ca.crt to get the JSON API server to connect using TLS using that root cert.

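A pre-flight check for the setup discussed in this thread, as an added example that is not from any of the posters or from the Daml project: it builds a client TLS context from the same three settings and attempts one handshake against the Ledger API address, so a trust-collection mismatch shows up before the JSON API is started. The function names `ledger_client_context` and `probe` are hypothetical, and treating a missing trust collection as "use the platform default store" mirrors the config comment rather than the JVM itself.

```python
import socket
import ssl
from typing import Optional


def ledger_client_context(trust_collection_file: Optional[str] = None,
                          cert_chain_file: Optional[str] = None,
                          private_key_file: Optional[str] = None) -> ssl.SSLContext:
    """Client-side TLS context built from the three tls settings in the thread."""
    # A client certificate without its key (or the reverse) is a config error.
    if bool(cert_chain_file) != bool(private_key_file):
        raise ValueError("cert-chain-file and private-key-file go together")
    # cafile=None falls back to the platform default trust store; server
    # certificate and hostname verification stay on either way.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
                                     cafile=trust_collection_file)
    ctx.set_alpn_protocols(["h2"])  # the Ledger API is gRPC, i.e. HTTP/2
    if cert_chain_file:
        # Only needed when the server asks for a client certificate (mutual TLS).
        ctx.load_cert_chain(cert_chain_file, private_key_file)
    return ctx


def probe(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0) -> dict:
    """Attempt one handshake and report whether the server chain was accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "version": tls.version(),
                        "alpn": tls.selected_alpn_protocol(),
                        "subject": tls.getpeercert().get("subject")}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "error": "certificate rejected: " + exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    # Address, port and file name are the ones from the configuration above.
    print(probe("127.0.0.1", 6865, ledger_client_context("root-ca.crt")))
```

A result of `"certificate rejected: ..."` means the endpoint's chain does not validate against the given trust collection or does not match the host name used to connect.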