Configure TLS

  1. Generate the public key for the previously created private key.
    openssl pkey -in private.pem -pubout -out public.pem
  2. Copy the public key to each VM that runs either a Media Flow Engine or an RTP Proxy.
  3. If your Managed Servers run on separate VMs, copy the private key to each Managed Server.
  4. Use the keytool command to create a keystore (for example, client-truststore.jks) and import the public key into the keystore.
    For instructions on completing this step, review the keytool documentation.
  5. Append the following options to the JAVA_OPTIONS parameter in the start-up scripts of both the Admin Server and the Managed Servers:
    -Djavax.net.ssl.trustStore={ORACLE_HOME}/client-truststore.jks \
    -Djavax.net.ssl.trustStorePassword=changeit \
    -Djavax.net.ssl.trustStoreType=JKS
  6. Restart the Admin Server and the Managed Servers.
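
To confirm after steps 2 and 3 that each copied public.pem still belongs to private.pem, the key fingerprints can be compared on each VM. The script below is an added example, not part of the original procedure; the function names key_fingerprint and verify_keypair are hypothetical, and the self-check runs on throwaway EC keys constructed for the demonstration.

```shell
#!/bin/sh
# Print the SHA-256 fingerprint of a key's public half, taken over the DER
# encoding so PEM whitespace or line-ending changes do not affect it.
# $1 = key file, $2 = "private" (derive the public half) or "public".
key_fingerprint() {
    der=$(mktemp) || return 2
    if [ "$2" = "private" ]; then
        set -- -in "$1" -pubout
    else
        set -- -pubin -in "$1"
    fi
    # Test openssl's exit status so an unreadable file never hashes as empty input.
    if openssl pkey "$@" -outform DER -out "$der" 2>/dev/null; then
        openssl dgst -sha256 -r "$der" | cut -d' ' -f1
        rc=0
    else
        rc=1
    fi
    rm -f "$der"
    return "$rc"
}

# Return 0 if $2 is the public half of private key $1, 1 on mismatch,
# 2 if either file cannot be parsed as a key.
verify_keypair() {
    priv_fp=$(key_fingerprint "$1" private) ||
        { echo "cannot read private key: $1" >&2; return 2; }
    pub_fp=$(key_fingerprint "$2" public) ||
        { echo "cannot read public key: $2" >&2; return 2; }
    if [ "$priv_fp" = "$pub_fp" ]; then
        echo "match sha256:$pub_fp"
    else
        echo "MISMATCH private=$priv_fp public=$pub_fp" >&2
        return 1
    fi
}

# Self-check on constructed throwaway keys (not the deployment's keys).
demo() {
    d=$(mktemp -d) || return 2
    for n in a b; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$d/$n.pem" 2>/dev/null
        openssl pkey -in "$d/$n.pem" -pubout -out "$d/$n.pub"
    done
    verify_keypair "$d/a.pem" "$d/a.pub"; ok=$?
    verify_keypair "$d/a.pem" "$d/b.pub" 2>/dev/null; bad=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}
demo && echo "self-check passed"
```

On a VM that holds only public.pem, run key_fingerprint public.pem public and compare the output with the value printed on the host that holds private.pem.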

Enable TLS in the MFE

  1. Connect to the VM where you installed the MFE.
  2. Navigate to the MFE's config directory.
    cd media-flow-engine-8.3.0.0.0-MFE/MFE_HOME/config/
  3. In the application.yaml file, set the server.tls.enabled property to true.
    server:
      http-port: 8080
      https-port: 8443
      tls:
        enabled: true
        client-auth: "NONE"
        protocols: [TLSv1.3, TLSv1.2]