MTG CARA RIS Configuration
There is a main configuration file for MTG CARA RIS (Revocation Info Server).
It contains the application configuration in the form of an application.properties file.
application.properties
This section describes the properties used to configure MTG CARA RIS.
| Property | Required | Default | Description |
|---|---|---|---|
| cara.api.url | true | - | Points to the HTTP location where the MTG CARA WS server is running. Example: cara.example.com/cara-ws-server |
| cara.application.name | true | - | The application name, given to MTG CARA RIS in the context of MTG CARA. It is used to identify the MTG CARA RIS application when communicating with MTG CARA. The value was inserted into the CARA database with the DB script setup.sql and can be viewed in the Cara Admin frontend. If no customization is present, the name should be Example: revocation-info-server |
| cara.application.secret | true | - | The secret used by the MTG CARA RIS application to authenticate itself when communicating with MTG CARA. The value was inserted into the CARA database with the DB script setup.sql and can be viewed in the Cara Admin frontend. |
| cara.ws.client.truststore.path | false | The default Java CA truststore | The location of a keystore file containing certificates that are used to verify the TLS connection to MTG CARA. This can be used to overwrite the default Java CA truststore. Example: /tmp/trustore.jks |
| cara.ws.client.truststore.password | false | - | The password protecting the truststore (see property |
| cara.ws.client.truststore.type | false | - | The format of the truststore (see property |
| cara.ws.client.tls.version | false | TLSv1.2 | The version of the TLS protocol to use in the connection to MTG CARA. Valid values are |
| cara.ws.client.timeout.seconds | false | 60 | An integer value specifying the timeout, in seconds, for the connection to MTG CARA. |
| logging.file.name | false | - | Specifies the location where the application log files are stored. Names can be an exact location or relative to the current directory. |
| logging.level.app | false | WARN | Specifies the log level of the log messages which are created directly by the application. |
| logging.level.web | false | WARN | This property sets the log level for the webserver layer. |
| tomcat.ajp.enabled | false | false | If set to true, this property enables the additional embedded Tomcat AJP connector that is required by Apache HTTPd. |
| tomcat.ajp.port | false | 8956 | Specifies the port for the AJP connector. It is used only if tomcat.ajp.enabled is set to true. |
| tomcat.ajp.secret-required | false | false | If set to true, this property specifies that an AJP secret is required by the AJP connector. It is used only if tomcat.ajp.enabled is set to true. |
| tomcat.ajp.secret | false | - | Specifies the AJP secret to be used by the AJP connector. It is used only if tomcat.ajp.enabled is set to true. |
| server.servlet.context-path | false | / | Context path of the application. |
| server.port | false | 8906 | Server HTTP port. |
| management.elastic.metrics.export.enabled | false | false | If set to true, metrics are sent to an OpenSearch server. It can be left empty. |
| management.elastic.metrics.export.host | false | - | Specifies the URL where the OpenSearch server can be accessed. It can be left empty. |
| management.elastic.metrics.export.user-name | false | - | Specifies the user who has access to the OpenSearch server. It can be left empty. |
| management.elastic.metrics.export.password | false | - | Specifies the password of the user of the OpenSearch server. It can be left empty. |
| spring.profiles.include | false | - | If set to value |
| ldap.host | false | - | Specifies the host on which the LDAP server that distributes the CRLs runs, where the CRLs are written. |
| ldap.port | false | - | Specifies the port on which the LDAP server that distributes the CRLs runs, where the CRLs are written. |
| ldap.rootDN | false | - | Specifies the rootDN of the LDAP server that distributes the CRLs, where the CRLs are stored. |
| ldap.user | false | - | Specifies the user of the LDAP server that distributes the CRLs, where the CRLs are stored. |
| ldap.password | false | - | Specifies the password of the user of the LDAP server that distributes the CRLs, where the CRLs are stored. |
| ldap.ssl.enabled | false | false | If set to true, the connection to LDAP is performed over TLS. |
| ldap.attribute.crl | false | certificateRevocationList;binary | Specifies the LDAP attribute where the CRLs are stored. |
| ldap.crl.publications[i].configuration | false | - | Specifies the name of the CRL configuration in CARA for which the CRL is published on the LDAP server. Depending on the number of configurations, the value of i is an integer, starting from 1. |
| ldap.crl.publications[i].dn | false | - | Specifies the distinguished name of the i-th LDAP entry where the CRL is stored. |
| trusted.certificates.directory | false | - | Specifies a directory on the filesystem where certificates used to verify TLS connections are located. |
Further properties that can be configured can be found here: docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html
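
The following Python sketch is an added example, not part of the MTG CARA documentation or product: it audits an application.properties file against the table above, flagging missing required properties, an AJP connector enabled without a required secret, LDAP publication without TLS, and a truststore kept under /tmp. The checks are an editorial reading of the listed defaults; the parser is simplified (no line continuations) and both sample files and the /path/to/ location are constructed placeholders.

```python
import re

REQUIRED = ("cara.api.url", "cara.application.name", "cara.application.secret")

def parse_properties(text):
    """Simplified parser: key=value or key:value, '#'/'!' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return a list of findings for one application.properties body."""
    p = parse_properties(text)
    def on(key):  # every boolean property checked here defaults to false
        return p.get(key, "false").lower() == "true"
    findings = [f"missing required property: {k}" for k in REQUIRED if not p.get(k)]
    if on("tomcat.ajp.enabled"):
        if not on("tomcat.ajp.secret-required"):
            findings.append("AJP connector enabled without tomcat.ajp.secret-required=true")
        elif not p.get("tomcat.ajp.secret"):
            findings.append("AJP secret required but tomcat.ajp.secret is empty")
    if p.get("ldap.host") and not on("ldap.ssl.enabled"):
        findings.append("LDAP publication configured without ldap.ssl.enabled=true")
    if p.get("cara.ws.client.truststore.path", "").startswith("/tmp/"):
        findings.append("truststore under /tmp, a directory writable by every local user")
    return findings

# Constructed sample: relies on defaults and omits the application secret.
WEAK = """
cara.api.url=cara.example.com/cara-ws-server
cara.application.name=revocation-info-server
cara.ws.client.truststore.path=/tmp/trustore.jks
tomcat.ajp.enabled=true
ldap.host=ldap.example.com
ldap.user=cn=crl-writer,dc=example,dc=com
"""

# Constructed sample: same deployment with the flagged settings corrected.
HARDENED = WEAK.replace("/tmp/trustore.jks", "/path/to/truststore.jks") + """
cara.application.secret=CHANGE_ME
tomcat.ajp.secret-required=true
tomcat.ajp.secret=CHANGE_ME
ldap.ssl.enabled=true
"""

if __name__ == "__main__":
    for name, body in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(body))
```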