ABS supports only TLS 1.1 and TLS 1.2 and requires Open JDK 11.0.2. You can configure SSL
by setting the value of enable_ssl
parameter to true in
pingidentity/abs/mongo/abs_init.js
file. Setting the value to
true
enables SSL communication between ASE and ABS as well as for ABS
external REST APIs. Following is a snippet of the abs.init
file with
enable_ssl
parameter:
db.global_config.insert({
"attack_initial_training": "24",
"attack_update_interval": "24",
"url_limit": "100",
"response_size": "100",
"job_frequency" : "10",
"window_length" : "24",
"enable_ssl": true,
"api_discovery": false,
"discovery_initial_period" : "24",
"discovery_subpath": "1",
"continuous_learning": true,
"discovery_update_interval": "1"
});
ABS ships with a default self-signed certificate with Java Keystore at
abs/config/ssl/abs.jks
and the default password set to
abs123
in the abs.properties
file. The default password is
obfuscated in the abs.properties
file. It is recommended to change the
default passwords and obfuscate the new passwords. See,
Obfuscating Passwords
for steps to
obfuscate passwords.
If you want to use your own CA-signed certificates, you can import them in ABS.