Configure TLS

  1. Generate the public key for the previously created private key.
    openssl pkey -in private.pem -pubout -out public.pem
  2. Copy the public key to each VM that runs a Media Flow Engine, an RTP Proxy, or an Intelligent AI Connector.
  3. If your Managed Servers run on separate VMs, copy the private key to each Managed Server.
  4. Use the keytool command to create a keystore (for example, client-truststore.jks) and import all the public keys into the keystore.
    For instructions on completing this step, review the keytool documentation.
  5. Append the following options to the JAVA_OPTIONS parameter in the start-up scripts of both the Admin Server and the Managed Servers:
    -Djavax.net.ssl.trustStore={ORACLE_HOME}/client-truststore.jks \
    -Djavax.net.ssl.trustStorePassword=changeit \
    -Djavax.net.ssl.trustStoreType=JKS
  6. Restart the Admin Server and the Managed Servers.

Enable TLS in the MFE

  1. Connect to the VM where you installed the MFE.
  2. Navigate to the MFE's config directory.
    cd media-flow-engine-8.3.0.0.0-MFE/MFE_HOME/config/
  3. In the application.yaml file, set the server.tls.enabled property to true.
    server:
      http-port: 8080
      https-port: 8443
      tls:
        enabled: true
        client-auth: "NONE"
        protocols: [TLSv1.3, TLSv1.2]

Enable TLS for IAC

  1. Connect to the VM where you installed the IAC.
  2. Navigate to the IAC's config directory.
    cd IntelligentAIConnector-8.3.0.0.0-AIC/AIC_HOME/config/
  3. In the application.yaml file, set the server.tls.enabled property to true.
    server:
      http-port: 8080
      https-port: 8443
      tls:
        enabled: true
        client-auth: "NONE"
        protocols: [TLSv1.3, TLSv1.2]
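
An added check, not part of the original procedure or of the product's own tooling, for step 3 of both the MFE and the IAC sections: it audits the server.tls block of an application.yaml and reports when TLS is not enabled or when a protocol other than TLSv1.3 and TLSv1.2 is listed. It assumes the two-space indentation and inline protocol list shown above; check_tls_yaml and the sample file are names made up for this example.

```shell
#!/bin/sh
# Added example: audit the server.tls block of an application.yaml.
# Prints one finding per line; exit status 0 means no findings.
# Assumes two-space indentation and an inline [a, b] protocol list.
check_tls_yaml() {
    awk '
        /^server:/              { in_server = 1; next }
        /^[^ #]/                { in_server = 0; in_tls = 0 }  # another top-level key
        in_server && /^  tls:/  { in_tls = 1; next }
        in_server && /^  [^ ]/  { in_tls = 0 }                 # sibling of tls:
        in_tls && /^    enabled:/ { enabled = $2 }
        in_tls && /^    protocols:/ {
            seen_protocols = 1
            line = $0
            sub(/^[^:]*:/, "", line)          # drop the key
            gsub(/\[|\]|,|"/, " ", line)      # drop list punctuation
            n = split(line, p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] != "TLSv1.3" && p[i] != "TLSv1.2") {
                    print "unexpected protocol: " p[i]; bad = 1
                }
        }
        END {
            if (enabled != "true") { print "server.tls.enabled is not true"; bad = 1 }
            if (!seen_protocols)   { print "server.tls.protocols is not set"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the block from this page with TLSv1.1 added to show a finding.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
  http-port: 8080
  https-port: 8443
  tls:
    enabled: true
    client-auth: "NONE"
    protocols: [TLSv1.3, TLSv1.2, TLSv1.1]
EOF
check_tls_yaml "$sample" || echo "application.yaml needs attention"
rm -f "$sample"
```

Run the function against the real file on each VM, for example check_tls_yaml MFE_HOME/config/application.yaml, before restarting the service.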