Commit

updated docs to describe passing a pem file path to the Java SDK clients
pferrel committed Apr 26, 2018
1 parent 1b44dcf commit 8ab886a
Showing 2 changed files with 16 additions and 4 deletions.
6 changes: 3 additions & 3 deletions harness_config.md
Expand Up @@ -46,13 +46,13 @@ export HARNESS_AUTH_ENABLED=${HARNESS_AUTH_ENABLED:-false}
# =============================================================
# Harness TLS/SSL server support. A dummy file needs to be provided even if TLS is not used, one is supplied with Harness
export HARNESS_KEYSTORE_PASSWORD=${HARNESS_KEYSTORE_PASSWORD:-23harness5711!}
export HARNESS_KEYSTORE_PATH=${HARNESS_KEYSTORE_PATH:-$HARNESS_HOME/harness.jks}
export HARNESS_KEYSTORE_PASSWORD=${HARNESS_KEYSTORE_PASSWORD:-changeit!}
export HARNESS_KEYSTORE_PATH=${HARNESS_KEYSTORE_PATH:-$HARNESS_HOME/conf/harness.jks}
# export HARNESS_SSL_ENABLED=true # to enable TLS/SSL
export HARNESS_SSL_ENABLED=${HARNESS_SSL_ENABLED:-false}
# Java and Python client SDKs use the following for TLS/SSL
# export HARNESS_SERVER_CERT_PATH=${HARNESS_KEYSTORE_PATH:-$HARNESS_HOME/harness.pem}
# export HARNESS_SERVER_CERT_PATH=${HARNESS_KEYSTORE_PATH:-$HARNESS_HOME/conf/harness.pem}
# The Python CLI must connect to the external address of the server to use TLS, supply it here
# export HARNESS_EXTERNAL_ADDRESS=1.2.3.4 # to connect with a certificate we need to use the matching address here
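Review bot: The new commented-out `HARNESS_SERVER_CERT_PATH` line still takes its default from `HARNESS_KEYSTORE_PATH`, which is exported a few lines above, so the `:-` fallback to `$HARNESS_HOME/conf/harness.pem` is never reached and anyone who uncomments the line points the client SDKs at the `.jks` keystore instead of the certificate. It should read `export HARNESS_SERVER_CERT_PATH=${HARNESS_SERVER_CERT_PATH:-$HARNESS_HOME/conf/harness.pem}`. Separately, the documented default for `HARNESS_KEYSTORE_PASSWORD` is still a fixed, published value (`changeit!`); the comment above it should tell deployers to override the password and replace the supplied keystore before setting `HARNESS_SSL_ENABLED=true`.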
14 changes: 13 additions & 1 deletion java-sdk.md
Expand Up @@ -155,7 +155,19 @@ Not also that you cannot have a secure deployment without both TLS and Auth. TLS

## Setup TLS/SSL

See [harness-config.md](harness-config.md) for a description of how to setup the Harness Server and Java SDK for TLS/SSL
The Java SDK works with or without TLS. In either case a `.pem` certificate must be provided, even if it is not used. The cert file is used too encrypt data to a specific Harness server, which has the correct key installed. See [harness-config.md](harness-config.md) for a description of how to setup the Harness Server and Python CLI for use with TLS/SSL.

The Java SDK has 3 methods for supplying the `.pem` file:

1. **Change the config** in `akka-ssl.conf` to point to the `.pem` file on the desired machine and recompile the client for use on a specific machine.
- **Add an environment variable** by putting `export HARNESS_SERVER_CERT_PATH=/path/to/pem-file` in one of the shell startup file like `~/.profile` or `~/.bashrc` as per recommendations for your OS.
- **Pass in the location** when creating any client. All clients have an optional parameter for setting the path to the `.pem` file.

The method falls back from #3 to #1 and if a `.pem` file is not found there will always be an exception thrown.

Harness is built with a `.pem` and `.jks` file for localhost execution of TLS with pointers to these files setup in the correct places. By default Harness does not use TLS but to try TLS with localhost all you have to do is turn it on in `harness/rest-server/bin/harness-env` and start Harness. The CLI will use TLS to communicate with Harness on localhost and the Java SDK tests will work.

To use a custom certificate with the Java SDK, just make sure it can find the `.pem` at runtime.

## Using Auth from the Client
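Review bot: The fallback sentence refers to methods "#3 to #1", but in the added list only the first item is numbered and the other two are `-` bullets, so the reader cannot tell which method is #2 or #3; number all three items and spell out the precedence (if the intent is the passed-in parameter first, then `HARNESS_SERVER_CERT_PATH`, then `akka-ssl.conf`, say so). In the first added paragraph, "used too encrypt" should be "used to encrypt", and the sentence now points to harness-config.md for the "Python CLI" where the removed line said "Java SDK", which looks unintended in java-sdk.md. The link target `harness-config.md` also differs from the file changed in this commit, `harness_config.md`, so the link should be checked.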
