Configure EFM Server TLS

You can configure the server to authenticate users based on a client certificate provided for TLS mutual authentication. The server's TLS settings, including what certificates it will trust, are configured using the efm.security.tls.* prefixed properties in the efm.properties file.

  1. Open the efm.properties file.
    The properties pertaining to TLS configuration are the following:
    efm.server.ssl.enabled=false
    efm.server.ssl.keyStore=/path/to/keystore.jks
    efm.server.ssl.keyStoreType=jks
    efm.server.ssl.keyStorePassword=
    efm.server.ssl.keyPassword=
    efm.server.ssl.trustStore=/path/to/truststore.jks
    efm.server.ssl.trustStoreType=jks
    efm.server.ssl.trustStorePassword=
    efm.server.ssl.clientAuth=WANT
  2. Change efm.security.user.certificate.enabled=false to efm.security.user.certificate.enabled=true.
  3. Change efm.server.ssl.clientAuth=WANT to efm.server.ssl.clientAuth=NEED.