[Tunnel_Service]

The [Tunnel_Service] stanza is used to configure the SSL tunnel used between the services and agents.

Parameter	Description
`tunnel_enabled`	Default: false. True enables, any other value is disabled.
`tunnel_bind_addr`	Defaults to 0.0.0.0 (wildcard address); the IP or name of the network interface to which the tunnel should bind.
`tunnel_port`	Defaults to 15010. The port number to which agents should connect or to which the tunnel should bind.
`tunnel_mode`	Defaults to Both. Connection initiation mode: Connect, Accept or Both.
`tunnel_proxy_port`	Defaults to 15009. Local port on which the tunnel listens for local proxy connection attempts (e.g. qpcgateway to an agent).
`tunnel_init_period_mins`	Defaults to 1 (minute). Tunnel initiation occurs on this schedule if tunnel mode is either Connect or Both. Agents that are confirmed, and have a service-initiated ConnectionInitiation preference value are initiated on this schedule. Reconnects are attempted on the same schedule.
`ssl_client_auth`	Defaults to false. Set if tunnel clients must authenticate. Requires key stores to be configured on the agents if set to true.
`ssl_protocols`	Defaults to TLS. Defines the protocol that the tunnel uses. Can be any of SSL, SSLv2, SSLv3, TLS, TLSv1, TLSv1.1, TLSv1.2.
`ssl_include_ciphers`	Defaults to TLS_DH_anon_WITH_AES_128_CBC_SHA. Comma-separated whitelist of ciphers the tunnel uses; takes precedence over `ssl_exclude_ciphers`. Valid cipher names are defined in https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names . Note that the cipher suite name must be supported by the configured "ssl_protocol".
`ssl_exclude_ciphers`	Defaults to Not set. Comma-separated list of ciphers to NOT use. These ciphers are removed from those available in the JRE the default cipher list. `ssl_include_ciphers` has precedence. Valid cipher suite names are defined in https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names Note that the cipher suite name must be supported by the configured "ssl_protocol".
`ssl_truststore_file`	Defaults to Not set. Keystore file containing the trusted certificate entries.
`ssl_truststore_type`	Defaults to JKS.
`ssl_truststore_password`	Defaults to changeit. Password for the store file. Should be changed. Can be OBF encoded (use the OBFPassword script).
`ssl_trustman_algorithm`	Defaults to PKIX.
`ssl_keystore_file`	Defaults to Not set. The store file containing the TrueSight Middleware and Transaction Monitor Services keys.
`ssl_keystore_type`	Defaults to JKS.
`ssl_keystore_password`	Defaults to changeit. Password for the store file. Should be changed. Can be OBF encoded (use the OBFPassword script).
`ssl_keyman_algorithm`	Defaults to JKS.
`ssl_revokestore_password`	Defaults to changeit.
`use_internal_certificates`	Defaults to false. If true, TrueSight Middleware and Transaction Monitor generates and uses internally generated certificates (using SHA256withRSA keys). In addition, the key and trust store file names, types, and algorithm parameters are ignored. If false TrueSight Middleware and Transaction Monitor must be provided with populated stores and the configuration parameters for them must be provided if authentication is required.
`cert_validity_period`	Defaults to 3650. Certificate validity period, in days, for internally managed certificates.
`cert_key_size`	Defaults to 1024. Key size used for internally generated certificates.

[Tunnel_Service]

Comments