All Hermes modules support secure transport in their own way:
- Frontend can accept SSL (or Http/2) traffic
- Consumers can send messages via SSL
- Management operations can be secured using SSL
Currently we will describe only Consumers SSL configuration.
Consumers by default support sending traffic to
By default hermes uses JRE trust store (located in
$JAVA_HOME/jre/lib/security/) to verify the certificates.
It loads file
jssecacerts if exists, otherwise it loads file
In case of lack of both files the
FileNotFoundException is thrown.
It is possible to use custom trust store by setting the property
provided, which by default is set to
In case of provided trust store it is required to specify additional properties:
|consumer.ssl.truststoreLocation||path to custom trust store (it could be the classpath or a path in a file system)||
|consumer.ssl.truststoreFormat||trust store format||
|consumer.ssl.truststorePassword||password to trust store||