On this page:
   28.80    Two Factor Authentication
  • Configuration Categories
  • 28.0 Web Admin Console Settings
  • 28.1 Authentication Callback Scripts
  • 28.2 Auth: General for APIs
  • 28.3 User Authentication
  • 28.4 Auth: HTTP Basic
  • 28.5 Auth: OpenID Connect
  • 28.6 Browser Syntax Highlighting
  • 28.7 Capability Statement (metadata)
  • 28.8 Channel Import
  • 28.9 Channel Retry
  • 28.10 Cluster Manager Subscription Messaging
  • 28.11 Cluster Manager Maintenance
  • 28.12 Cluster Manager Message Broker
  • 28.13 Cluster Manager Kafka
  • 28.14 Credentials
  • 28.15 Cross-Origin Resource Sharing (CORS)
  • 28.16 Database
  • 28.17 EMPI
  • 28.18 ETL Import: CSV Properties
  • 28.19 ETL Import: Source
  • 28.20 FHIR Binary Storage
  • 28.21 FHIR Bulk Operations
  • 28.22 FHIR Configuration
  • 28.23 FHIR Consent Service
  • 28.24 FHIR LiveBundle Service
  • 28.25 FHIR EMPI Server
  • 28.26 FHIR Endpoint Conversion
  • 28.27 FHIR Endpoint Security
  • 28.28 Interceptors
  • 28.29 FHIR Endpoint Partitioning and Multitenancy
  • 28.30 FHIR Gateway Target
  • 28.31 FHIR Gateway Cache
  • 28.32 FHIR Storage Partitioning and Multitenancy
  • 28.33 Package Registry
  • 28.34 FHIR Performance
  • 28.35 FHIR Performance Tracing
  • 28.36 FHIR Realtime Export
  • 28.37 FHIR Resource Types
  • 28.38 FHIR REST Endpoint
  • 28.39 FHIR Search
  • 28.40 FHIR Interceptors
  • 28.41 FHIR Subscription Persistence
  • 28.42 FHIR Subscription Delivery
  • 28.43 FHIR Validation Services
  • 28.44 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 28.45 HL7 v2.x to FHIR Mapper - General
  • 28.46 HL7 v2.x Mapper - Medications
  • 28.47 HL7 v2.x to FHIR Mapper - OBR
  • 28.48 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 28.49 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 28.50 HL7 v2.x to FHIR Mapper - PV1
  • 28.51 HL7 v2.x Listener Script
  • 28.52 HL7 v2.x MLLP Listener
  • 28.53 FHIR to HL7 v2.x Mapper Script
  • 28.54 HL7 v2.x MLLP Sender
  • 28.55 HTTP Access Log
  • 28.56 HTTP Listener
  • 28.57 HTTP Request Pool
  • 28.58 HTTP Security
  • 28.59 Hybrid Providers Definitions
  • 28.60 Initial User Seeding
  • 28.61 JSON Web KeySet (JWKS)
  • 28.62 LDAP Authentication
  • 28.63 Lucene FullText Indexing
  • 28.64 Narrative Generator
  • 28.65 OpenID Connect (OIC)
  • 28.66 Realtime Export
  • 28.67 Request Validating
  • 28.68 Security Inbound Script
  • 28.69 Inbound SMART on FHIR Authentication
  • 28.70 Inbound SMART on FHIR Endpoints
  • 28.71 OpenID Connect Token Validation
  • 28.72 SAML Provider
  • 28.73 OAuth2/OIDC Federation
  • 28.74 SMART Authorization
  • 28.75 SMART Definitions Seeding
  • 28.76 Sessions
  • 28.77 SMART Outbound Security: Callback Script
  • 28.78 SMART Outbound Security: CODAP
  • 28.79 SMART Outbound Security: Login Skin
  • 28.80 Two Factor Authentication
  • 28.81 TLS / SSL (Encryption)
  • 28.82 Trusted Client
  • 28.83 Transaction Log
  • 28.84 Miscellaneous Categories
    • 28.82    Trusted Client   
       Table of Contents

    TLS / SSL (Encryption)

    28.81TLS / SSL (Encryption)

     

    The TLS / SSL (Encryption) configuration category includes the following configurable options:

    • TLS KeyStore Filename

    • TLS KeyStore Password

    • TLS KeyStore Key Alias

    • TLS KeyStore Key Password

    • TLS Enabled

    • TLS Client Authentication

    • TLS TrustStore Filename

    • TLS TrustStore Password

    • TLS Cipher Whitelist

    • TLS Cipher Blacklist

    • TLS Protocol Whitelist

    • TLS Protocol Blacklist

    28.81.1Property: TLS KeyStore Filename

     
    Property Name TLS KeyStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS KeyStore used to hold private keys for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.file =

    28.81.2Property: TLS KeyStore Password

     
    Property Name TLS KeyStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS KeyStore (leave blank if the store has no password).
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.password =

    28.81.3Property: TLS KeyStore Key Alias

     
    Property Name TLS KeyStore Key Alias
    Property Key
    Property Type STRING
    Description The alias for the specific key within the KeyStore that should be selected for incoming TLS connections.
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keyalias =

    28.81.4Property: TLS KeyStore Key Password

     
    Property Name TLS KeyStore Key Password
    Property Key
    Property Type PASSWORD
    Description The password for the specific key within the KeyStore (leave blank if the key has no password).
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keypass =

    28.81.5Property: TLS Enabled

     
    Property Name TLS Enabled
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require TLS (i.e. SSL or HTTPS) encryption for incoming connections?
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.enabled = false

    28.81.6Property: TLS Client Authentication

     
    Property Name TLS Client Authentication
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require incoming connections to authenticate using TLS Client Authentication?
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.clientauth.enabled = false

    28.81.7Property: TLS TrustStore Filename

     
    Property Name TLS TrustStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS TrustStore used to hold trusted certificates for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.file = classpath:truststore.p12

    28.81.8Property: TLS TrustStore Password

     
    Property Name TLS TrustStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS TrustStore (leave blank if the store has no password).
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.password =

    28.81.9Property: TLS Cipher Whitelist

     
    Property Name TLS Cipher Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_whitelist =

    28.81.10Property: TLS Cipher Blacklist

     
    Property Name TLS Cipher Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_blacklist =

    28.81.11Property: TLS Protocol Whitelist

     
    Property Name TLS Protocol Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_whitelist =

    28.81.12Property: TLS Protocol Blacklist

     
    Property Name TLS Protocol Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_blacklist =
       28.80    Two Factor Authentication
  • Configuration Categories
  • 28.0 Web Admin Console Settings
  • 28.1 Authentication Callback Scripts
  • 28.2 Auth: General for APIs
  • 28.3 User Authentication
  • 28.4 Auth: HTTP Basic
  • 28.5 Auth: OpenID Connect
  • 28.6 Browser Syntax Highlighting
  • 28.7 Capability Statement (metadata)
  • 28.8 Channel Import
  • 28.9 Channel Retry
  • 28.10 Cluster Manager Subscription Messaging
  • 28.11 Cluster Manager Maintenance
  • 28.12 Cluster Manager Message Broker
  • 28.13 Cluster Manager Kafka
  • 28.14 Credentials
  • 28.15 Cross-Origin Resource Sharing (CORS)
  • 28.16 Database
  • 28.17 EMPI
  • 28.18 ETL Import: CSV Properties
  • 28.19 ETL Import: Source
  • 28.20 FHIR Binary Storage
  • 28.21 FHIR Bulk Operations
  • 28.22 FHIR Configuration
  • 28.23 FHIR Consent Service
  • 28.24 FHIR LiveBundle Service
  • 28.25 FHIR EMPI Server
  • 28.26 FHIR Endpoint Conversion
  • 28.27 FHIR Endpoint Security
  • 28.28 Interceptors
  • 28.29 FHIR Endpoint Partitioning and Multitenancy
  • 28.30 FHIR Gateway Target
  • 28.31 FHIR Gateway Cache
  • 28.32 FHIR Storage Partitioning and Multitenancy
  • 28.33 Package Registry
  • 28.34 FHIR Performance
  • 28.35 FHIR Performance Tracing
  • 28.36 FHIR Realtime Export
  • 28.37 FHIR Resource Types
  • 28.38 FHIR REST Endpoint
  • 28.39 FHIR Search
  • 28.40 FHIR Interceptors
  • 28.41 FHIR Subscription Persistence
  • 28.42 FHIR Subscription Delivery
  • 28.43 FHIR Validation Services
  • 28.44 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 28.45 HL7 v2.x to FHIR Mapper - General
  • 28.46 HL7 v2.x Mapper - Medications
  • 28.47 HL7 v2.x to FHIR Mapper - OBR
  • 28.48 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 28.49 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 28.50 HL7 v2.x to FHIR Mapper - PV1
  • 28.51 HL7 v2.x Listener Script
  • 28.52 HL7 v2.x MLLP Listener
  • 28.53 FHIR to HL7 v2.x Mapper Script
  • 28.54 HL7 v2.x MLLP Sender
  • 28.55 HTTP Access Log
  • 28.56 HTTP Listener
  • 28.57 HTTP Request Pool
  • 28.58 HTTP Security
  • 28.59 Hybrid Providers Definitions
  • 28.60 Initial User Seeding
  • 28.61 JSON Web KeySet (JWKS)
  • 28.62 LDAP Authentication
  • 28.63 Lucene FullText Indexing
  • 28.64 Narrative Generator
  • 28.65 OpenID Connect (OIC)
  • 28.66 Realtime Export
  • 28.67 Request Validating
  • 28.68 Security Inbound Script
  • 28.69 Inbound SMART on FHIR Authentication
  • 28.70 Inbound SMART on FHIR Endpoints
  • 28.71 OpenID Connect Token Validation
  • 28.72 SAML Provider
  • 28.73 OAuth2/OIDC Federation
  • 28.74 SMART Authorization
  • 28.75 SMART Definitions Seeding
  • 28.76 Sessions
  • 28.77 SMART Outbound Security: Callback Script
  • 28.78 SMART Outbound Security: CODAP
  • 28.79 SMART Outbound Security: Login Skin
  • 28.80 Two Factor Authentication
  • 28.81 TLS / SSL (Encryption)
  • 28.82 Trusted Client
  • 28.83 Transaction Log
  • 28.84 Miscellaneous Categories
    • 28.82    Trusted Client