Configure EFM Server for TLS

You can configure the server to authenticate users based on a client certificate provided for TLS mutual authentication. The server's TLS settings, including what certificates it will trust, are configured using the efm.security.ssl.* prefixed properties in the efm.properties file.

Open the efm.properties file.

The properties pertaining to TLS configuration are the following:

efm.server.ssl.enabled=false
efm.server.ssl.keyStore=/path/to/keystore.jks
efm.server.ssl.keyStoreType=jks
efm.server.ssl.keyStorePassword=
efm.server.ssl.keyPassword=
efm.server.ssl.trustStore=/path/to/truststore.jks
efm.server.ssl.trustStoreType=jks
efm.server.ssl.trustStorePassword=
efm.server.ssl.clientAuth=WANT

Change efm.security.user.certificate.enabled=false to efm.security.user.certificate.enabled=true.
Change efm.server.ssl.clientAuth=WANT to efm.server.ssl.clientAuth=NEED.