Support HTTPS calls to external services

The Security Proxy sends requests to external services, e.g. the request mapper. To support HTTPS calls, configure the trusted certificates via the following properties.

The first two properties hold the information about trusted certificates:

  • SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE points to the location of the certificate file in PEM format.
  • SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH tells the Security Proxy how deep in the certificate chain verification should be done.

The third property is optional:

  • SECURITY_PROXY_NGINX_DNS contains the DNS server address, set to 8.8.8.8 by default.

The following table presents all the properties mentioned above:

| Property | Required | Default | Description |
|---|---|---|---|
| SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE | yes | /etc/pki/tls/certs/ca-bundle.crt | Specifies a file path with trusted CA certificates in the PEM format used to verify the certificate of the SSL/TLS server. |
| SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH | yes | 3 | Sets the verification depth in the server certificates chain. |
| SECURITY_PROXY_NGINX_DNS | no | 8.8.8.8 | DNS address (resolver) used by nginx to resolve DNS names. |
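
A pre-deployment check for the three properties above, as an added example that is not part of the product or its documentation. It catches a missing bundle file, a bundle without PEM certificate blocks (for example a DER or key file) and malformed depth or resolver values. The function names are hypothetical, and the check assumes the properties are exported as environment variables and that the resolver is a bare IP address.

```python
import base64
import ipaddress
import os
import re
from pathlib import Path

# Defaults as listed in the properties table.
DEFAULTS = {
    "SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE": "/etc/pki/tls/certs/ca-bundle.crt",
    "SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH": "3",
    "SECURITY_PROXY_NGINX_DNS": "8.8.8.8",
}
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)
# Constructed sample: PEM framing around a 5-byte DER SEQUENCE, not a real CA.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"


def count_pem_certificates(text):
    """Count CERTIFICATE blocks whose body decodes to a DER SEQUENCE (0x30)."""
    count = 0
    for body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            continue
        count += der[:1] == b"\x30"
    return count

def check_settings(settings):
    """Return a list of problems with the three properties (empty means OK)."""
    cfg = {**DEFAULTS, **settings}
    problems = []
    bundle = Path(cfg["SECURITY_PROXY_SSL_LUA_TRUSTED_CERTIFICATE"])
    if not bundle.is_file():
        problems.append(f"trusted certificate file not found: {bundle}")
    elif count_pem_certificates(bundle.read_text(errors="replace")) == 0:
        problems.append(f"no PEM certificate in {bundle} (DER or key file?)")
    depth = cfg["SECURITY_PROXY_SSL_LUA_VERIFY_DEPTH"]
    if not depth.isascii() or not depth.isdigit():
        problems.append(f"verify depth is not a non-negative integer: {depth!r}")
    dns = cfg["SECURITY_PROXY_NGINX_DNS"]
    try:  # assumption: the resolver is given as a bare IP address
        ipaddress.ip_address(dns)
    except ValueError:
        problems.append(f"DNS resolver is not an IP address: {dns!r}")
    return problems

if __name__ == "__main__":
    print(check_settings(dict(os.environ)))  # assumption: properties are env vars
```

The check is structural only: it does not validate certificate signatures or expiry, and it does not confirm that the configured depth is sufficient for a particular server's chain.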