httpClient : caCertificates
Certificate authority (CA) files for the service to authenticate server certificates.
Value |
String. The path and filename of a CA X.509 certificate file in PEM format. For example: [./keys/CA.crt] If you have certificates from more than one CA, specify a comma-separated list (one file per CA). For example: [./keys/CA.crt,./keys/myhttpserver.crt] The filepath is relative to $KR_DATA_DIR/config. You cannot specify an absolute path. For the recommended path, see Copying certificates and keys. |
Default |
(empty) |
How to set |
In Management Station, set on the Krypton service. If not using Management Station, set in the Krypton configuration file (User-kryptonxx.yaml, seeConfiguration roadmap). |
Usage |
Typically changed once, when setting up secure connections during the transition from development to production environments. See Securing connections with SSL/TLS. Valid when httpClient : rejectUnauthorized is enabled. |
The httpClient properties control how the service behaves when acting as a client.
Specifies the certification authority file (or files) for validating the certificates of an HTTPS resource. When a Dragon Voice service acts as a client (by sending an https GET or POST to a server), the server responds by sending its certificate to the client. (For example, a service is a client when it registers with the Resource Manager service.) The client service receives the server's certificate and authenticates it using a CA certificate specified by this property. (The client only authenticates when you've enabled its rejectUnauthorized property.)
Most sites do not need to specify this property. By default (the property is empty), the service loads any trusted CA signing certificates already loaded on the host. This means that if you acquire Speech Suite certificates from an authority that is already loaded, it's not necessary to configure this property. (There's no problem if you specify the property unnecessarily, in which case you overwrite the default behavior.) If you acquire certificates from more than one authority, include every CA file.
To use the default certificates or any other self-signed certificates set this parameter to false.