To configure CA Gateway, edit the application.yml file and add the following settings.

When adding these settings, follow the conventions below.

  • Use dashes ("-") instead of underscores ("_") in the key names. For example, we recommend: 
    aws-api-url
    Instead of: 
    aws_api_url
  • Expand all properties. For example, instead of: 
    cagw:
      tual.properties: credentials/tual.properties
    Expand the parameter as follows:
    cagw:
      tual:
        properties: credentials/tual.properties
  • In Docker installations, file paths must point to the following directory mapped inside the container, not to a directory on the host.
    /etc/cagw/config
    For example:
    trust-store: /etc/cagw/ssl/truststore.jks
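
The three conventions above can be checked mechanically before deployment. The following is an added example, not part of the CA Gateway distribution: the function name, the `FILE_KEYS` set (taken from the sample configuration on this page), the `container_dir` parameter and the sample input are all assumptions made for illustration.

```python
import re

# "key: value" or "key:" lines; comment lines and list scalars do not match.
KEY_LINE = re.compile(r"^(\s*)(?:-\s+)?([^\s:#][^:]*?)\s*:(?:\s+(.*))?$")
# Assumption: keys that hold file paths in this page's sample configuration.
FILE_KEYS = {"key-store", "trust-store", "signed-path"}

def lint_cagw_yaml(text, container_dir="/etc/cagw/config"):
    """Return (line_no, key_path, message) for each convention violation."""
    findings, stack = [], []  # stack holds (indent, key) of enclosing mappings
    prefix = container_dir.rstrip("/") + "/"
    for no, raw in enumerate(text.splitlines(), 1):
        m = KEY_LINE.match(raw)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        # Drop trailing comments and surrounding quotes from the value.
        value = re.sub(r"(^|\s)#.*$", "", m.group(3) or "").strip().strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended before this line
        path = ".".join([k for _, k in stack] + [key])
        if "_" in key:
            findings.append((no, path, "use dashes: " + key.replace("_", "-")))
        if "." in key:
            findings.append((no, path, "expand into nested keys"))
        if (key.replace("_", "-") in FILE_KEYS and value.startswith("/")
                and not value.startswith(prefix)):
            findings.append((no, path, "path is outside " + container_dir))
        if not value:
            stack.append((indent, key))  # key opens a nested mapping
    return findings

# Constructed sample input, not a real deployment's file.
SAMPLE = """\
server:
  ssl:
    trust_store: /home/admin/truststore.p12
    key-store: /etc/cagw/config/keystore.p12
  servlet:
    context-path: /cagw
cagw:
  tual.properties: credentials/tual.properties
"""

if __name__ == "__main__":
    for finding in lint_cagw_yaml(SAMPLE):
        print("line %d: %s: %s" % finding)
```

Pass a different `container_dir` if your container maps another directory; relative paths and URL paths such as `context-path` are not checked.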

See below for a sample configuration using these conventions.

logging:
  level:
    root: INFO
  jtk:
    debug: false
    level: 0
  ssl:
    jsse:
      debug: false
      level: ssl
server:
  port: 8080
  servlet:
    context-path: /cagw
  ssl:
    enabled: true
    insecure-mode: false
    protocol: TLS
    key-alias: cagw
    key-store: /etc/cagw/config/keystore.p12
    key-store-password: Password
    key-store-type: pkcs12
    trust-store: /etc/cagw/config/truststore.p12
    trust-store-password: Password
    trust-store-type: pkcs12
    client-auth: need
management:
  server:
    port: 9090
    ssl:
      enabled: true
      protocol: TLS
      key-alias: cagw
      key-store: /etc/cagw/config/keystore.p12
      key-store-password: Password
      key-store-type: pkcs12
      trust-store: /etc/cagw/config/truststore.p12
      trust-store-password: Password
      trust-store-type: pkcs12
      client-auth: want
  endpoint:
    health:
      group:
        custom:
          include: diskSpace,ping
          show-components: always
          show-details: always
  endpoints:
    web:
      base-path: /cagw/management/actuator
      exposure:
        include: health,prometheus
cagw:
  connector-filters:
    filter-lists: {}
  cert-event-tracking: {}
  authorities:
    managed-cas: {}
  tenants: []
  integrators: []
  clients: []
  deploy:
    enable: {}
  caches:
    subject-dn-cache: {}
    profile-cache: {}
    profiles-cache: {}
    subject-builder-cache: {}
    ca-capabilities-cache: {}
    ca-information-cache: {}
    requested-properties-cache: {}
license:
   signed-path: /etc/cagw/config/license.lic

See Running cagw-util for how to create a basic configuration.