B.8 Configure Secure Connection for Your Apps

1. Provide configuration information for the MicroTx library properties for all participant and initiator applications.

   Open the tmm.properties file in any code editor, and then enter values for the following parameters to configure the MicroTx library.

   • oracle.tmm.TcsUrl: Enter the URL to access the MicroTx application. See Access MicroTx. You must enter this value for the transaction initiator application. You don't have to specify this value for the transaction participant applications.

   • oracle.tmm.CallbackUrl: Enter the URL of your participant service which MicroTx calls back. Provide this value in the following format:

     http://HostNameofApp:PortofApp/

     Where,

     • HostNameofApp: The host name of your initiator or participant service. For example, host.docker.internal.
     • PortofApp: The port number over which you can access your participant service. For example, 8080.

   The following example provides sample values for the environment variables. Provide the values based on your environment.

   oracle.tmm.TcsUrl = https://localhost:9000/api/v1
   oracle.tmm.CallbackUrl = http://host.docker.internal:8080

2. For your Java microservices to access the transaction coordinator over TLS, you must import the TLS certificate into the JRE Keystore using keytool.

   export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-11.0.11.jdk/Contents/Homesudo keytool -import -trustcacerts -alias tcs-localhost -file localhost.pem -keystore $JAVA_HOME/lib/security/cacerts

3. For your Node.js microservices to access the transaction coordinator over TLS, set the NODE_EXTRA_CA_CERTS environment variable to the path a root certificate, in PEM format.

   export NODE_EXTRA_CA_CERTS=./rootCA.crt

   For information about creating an SSL certificate, see Guidelines for Generating Self-Signed Certificate and Private Key using OpenSSL in Security Guide.

Place the YAML file in the current directory along with the certificate and key files. If you have set tmmConfiguration.serveTLS.enabled to true in the YAML file to enable TLS, you must copy the certificate and key files into the current directory.