Closed mattStorer closed 9 months ago
UPDATE: got COACH to serve HTTPS traffic by creating a self-signed PKCS12 public/private key pair using the Java keytool program, by following the instructions here:
https://vipulkumarsviit.medium.com/how-to-enable-ssl-in-spring-boot-application-dc67a6897c67
(note that the security.require-ssl property specified in the link above doesn't seem to exist, probably replaced by server.ssl.enabled=true)
This link also seems to contain useful information that may augment what's detailed in the link above:
https://www.baeldung.com/spring-tls-setup
More needs to be done for sure, and lots of testing needs to occur, but it seems that this should be a reasonably straightforward task and not as painful as originally envisioned.
This is resolved insofar as it needs to be resolved at this time. MU will need to play with this and see about getting a real certificate of theirs integrated into a keystore, but then all they should need to do is adjust the config in application.properties and I think that should be it?
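The setup described in the update above, sketched as an added example (not taken from the COACH repository or the linked articles): a PKCS12 keystore created with keytool and the matching Spring Boot settings in application.properties. The alias `coach`, the keystore path, the host name, the port and the `COACH_KEYSTORE_PASSWORD` environment variable are assumptions.

```properties
# Added example, not COACH's own configuration.
#
# 1. Create a self-signed key pair in a PKCS12 keystore (keytool prompts for
#    the keystore password). Alias, file name, validity and CN are placeholders:
#
#      keytool -genkeypair -alias coach -keyalg RSA -keysize 2048 \
#              -storetype PKCS12 -keystore coach-keystore.p12 -validity 365 \
#              -dname "CN=coach.example.org"
#
#    Clients will not trust a self-signed certificate by default, so this is
#    for testing. For production, put the site's CA-issued certificate and
#    its private key into the keystore and keep the settings below unchanged
#    apart from the path and alias.
#
# 2. Point the embedded server at the keystore.

# Serve HTTPS directly from the application (no intermediate proxy).
server.port=8443
server.ssl.enabled=true

# Keystore location outside the jar, so the certificate can be replaced
# without rebuilding. Restrict file permissions to the service account.
server.ssl.key-store=file:/etc/coach/coach-keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=coach

# Resolve the password from the environment instead of committing it.
# COACH_KEYSTORE_PASSWORD is a hypothetical variable name.
server.ssl.key-store-password=${COACH_KEYSTORE_PASSWORD}

# Refuse protocol versions older than TLS 1.2.
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
```

Running `keytool -list -v -storetype PKCS12 -keystore coach-keystore.p12` shows the alias and certificate validity dates, which is a quick check before pointing the application at the file.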
MU is pushing back against the standard COACH deployment, whereby COACH serves plaintext HTTP traffic, which is then wrapped in SSL/HTTPS via an intermediate proxy before leaving the server, which is how we have COACH running here at OHSU.
MU doesn't have the technical know-how to implement such a proxy, and wants us to sort out getting COACH to serve encrypted HTTPS traffic directly.
I know that this can be done, but I also know that it's complicated. Tagging "needs approval" and "high priority" so we are sure to discuss this and sort it out before the January go-live, which I'm pretty sure is what MU is going to want.