HTTP/HTTPS Configuration
The Gateway Administration Console provides a view that allows to configure HTTP settings, accessible by navigating to the Security -> Http Service section.
This section allows to configure the following items:
### Plain HTTP support
The HTTP Ports parameter allows to define the ports for unencrypted HTTP. If the list if left empty, unencrypted HTTP support will be disabled.
HTTPS without certificate authentication support
The HTTPS Without Certificate Authentication Ports parameter allows to define the ports for HTTPS without client side authentication. If the list if left empty, HTTPS without client side authentication support will be disabled.
HTTPS with certificate authentication support
The HTTPS With Certificate Authentication Ports parameter allows to define the ports for HTTPS witht client side authentication. If the list if left empty, HTTPS with client side authentication support will be disabled.
### HTTPS keystore path and password
The HTTPS Keystore Path and HTTPS Keystore Password parameters allow to define the path and password of the keystore file containing the server certificate and private key pair used by the gateway (for both HTTPS ports) and the trusted certificates to be used for authenticating the clients.
The content of this keystore can be modified in the Certificate Management section.
### Client certificate revocation check options
The Http Service is capable of checking the revocation status of client certificates, see Certificate Revocation for more details.
### Restricting REST and Web Console access to specific ports
The RestService and Security -> WebConsole configuration sections contain an Allowed Ports parameter that allows to restrict access to the corresponding services on a specific set of ports.
Using these parameters allows for example to specify different firewall rules for Web Console and REST API access.
If the Allowed Ports parameter is left empty, access will be enabled on all ports.
The ports specified in the Allowed Ports list must also be enabled in HttpService configuration and access should be allowed with suitable firewall rules.
Updated about 1 year ago