1 of 1

TLS

This page describes how to configure TLS for the Lenses Agent.

By default, the Agent does not provide TLS termination but can be enabled via a configuration option. TLS termination is recommended for enhanced security and a prerequisite for integrating with SSO (Single Sign On) via SAML2.0.

TLS termination can be configured directly within Agent or by using a TLS proxy or load balancer.

Global Truststore

To use a non-default global truststore, set the path in accordingly with the LENSES_OPTS variable.

LENSES_OPTS=-Djavax.net.ssl.trustStore=/path/to/truststore

Custom Truststore

lenses.conf

lenses.ssl.truststore.location = "/path/to/truststore.jks"
lenses.ssl.truststore.password = "changeit"

Mutual TLS

To enable mutual TLS, set your keystore accordingly.

lenses.conf

# To secure and encrypt all HTTPS connections to Lenses via TLS termination.
# Java Keystore location and passwords
lenses.ssl.client.auth = true
lenses.ssl.keystore.location = "/path/to/keystore.jks"
lenses.ssl.keystore.password = "changeit"
lenses.ssl.key.password      = "changeit"


# You can also tweak the TLS version, algorithm and ciphers
#lenses.ssl.enabled.protocols = "TLSv1.2"
#lenses.ssl.cipher.suites     = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WIT