On this page:
   34.85    Two Factor Authentication
  • Configuration Categories
  • 34.0 Web Admin Console Settings
  • 34.1 App Gallery
  • 34.2 Authentication Callback Scripts
  • 34.3 Auth: General for APIs
  • 34.4 User Authentication
  • 34.5 Auth: HTTP Basic
  • 34.6 Auth: OpenID Connect
  • 34.7 Browser Syntax Highlighting
  • 34.8 Capability Statement (metadata)
  • 34.9 CDS Hooks
  • 34.10 Channel Import
  • 34.11 Channel Retry
  • 34.12 Cluster Manager Maintenance
  • 34.13 Cluster Manager Message Broker
  • 34.14 Cluster Manager Kafka
  • 34.15 Credentials
  • 34.16 Cross-Origin Resource Sharing (CORS)
  • 34.17 Database
  • 34.18 ETL Import: CSV Properties
  • 34.19 ETL Import: Source
  • 34.20 FHIR Binary Storage
  • 34.21 FHIR Bulk Operations
  • 34.22 FHIR Configuration
  • 34.23 FHIR Capability Statement
  • 34.24 FHIR Consent Service
  • 34.25 FHIR Endpoint Terminology
  • 34.26 FHIR LiveBundle Service
  • 34.27 FHIR Endpoint Conversion
  • 34.28 FHIR Endpoint Security
  • 34.29 Interceptors
  • 34.30 FHIR Endpoint Partitioning and Multitenancy
  • 34.31 FHIR Gateway Config
  • 34.32 FHIR MDM Server
  • 34.33 FHIR Storage Partitioning and Multitenancy
  • 34.34 FHIR Storage Package Registry
  • 34.35 Versioned References
  • 34.36 FHIR Performance
  • 34.37 FHIR Performance Tracing
  • 34.38 FHIR Realtime Export
  • 34.39 FHIR Resource Types
  • 34.40 FHIR REST Endpoint
  • 34.41 FHIR Search
  • 34.42 FHIR Interceptors
  • 34.43 FHIR Repository Validation
  • 34.44 FHIR Subscription Persistence
  • 34.45 FHIR Subscription Delivery
  • 34.46 FHIR Validation Services
  • 34.47 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 34.48 HL7 v2.x to FHIR Mapper - General
  • 34.49 HL7 v2.x Mapper - Medications
  • 34.50 HL7 v2.x to FHIR Mapper - OBR
  • 34.51 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 34.52 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 34.53 HL7 v2.x to FHIR Mapper - PV1
  • 34.54 HL7 v2.x Listener Script
  • 34.55 HL7 v2.x MLLP Listener
  • 34.56 FHIR to HL7 v2.x Mapper Script
  • 34.57 HL7 v2.x MLLP Sender
  • 34.58 HTTP Access Log
  • 34.59 HTTP Listener
  • 34.60 HTTP Request Pool
  • 34.61 HTTP Security
  • 34.62 Hybrid Providers Definitions
  • 34.63 Initial User Seeding
  • 34.64 JSON Web KeySet (JWKS)
  • 34.65 LDAP Authentication
  • 34.66 Lucene FullText Indexing
  • 34.67 Narrative Generator
  • 34.68 Master Data Management
  • 34.69 OpenID Connect (OIDC)
  • 34.70 Realtime Export
  • 34.71 Request Validating
  • 34.72 Security Inbound Script
  • 34.73 Inbound SMART on FHIR Authentication
  • 34.74 Inbound SMART on FHIR Endpoints
  • 34.75 OpenID Connect Token Validation
  • 34.76 SAML Provider
  • 34.77 OAuth2/OIDC Federation
  • 34.78 SMART Authorization
  • 34.79 SMART Definitions Seeding
  • 34.80 Sessions
  • 34.81 SMART Outbound Security: Callback Script
  • 34.82 SMART Outbound Security: CODAP
  • 34.83 SMART Outbound Security: Login Skin
  • 34.84 SMART Outbound Security: Terms of Service
  • 34.85 Two Factor Authentication
  • 34.86 TLS / SSL (Encryption)
  • 34.87 Trusted Client
  • 34.88 Transaction Log
  • 34.89 User Self Registration
    • 34.87    Trusted Client   
       Table of Contents

    TLS / SSL (Encryption)

    34.86TLS / SSL (Encryption)

     

    The TLS / SSL (Encryption) configuration category includes the following configurable options:

    • TLS Client Authentication

    • TLS Enabled

    • TLS KeyStore Filename

    • TLS KeyStore Key Alias

    • TLS KeyStore Key Password

    • TLS KeyStore Password

    • TLS Cipher Blacklist

    • TLS Cipher Whitelist

    • TLS Protocol Blacklist

    • TLS Protocol Whitelist

    • TLS TrustStore Filename

    • TLS TrustStore Password

    34.86.1Property: TLS Client Authentication

     
    Property Name TLS Client Authentication
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require incoming connections to authenticate using TLS Client Authentication?
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.clientauth.enabled = false

    34.86.2Property: TLS Enabled

     
    Property Name TLS Enabled
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require TLS (i.e. SSL or HTTPS) encryption for incoming connections?
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value false
    Example Property 
    module.[MODULE_ID].config.tls.enabled = false

    34.86.3Property: TLS KeyStore Filename

     
    Property Name TLS KeyStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS KeyStore used to hold private keys for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.file =

    34.86.4Property: TLS KeyStore Key Alias

     
    Property Name TLS KeyStore Key Alias
    Property Key
    Property Type STRING
    Description The alias for the specific key within the KeyStore that should be selected for incoming TLS connections.
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keyalias =

    34.86.5Property: TLS KeyStore Key Password

     
    Property Name TLS KeyStore Key Password
    Property Key
    Property Type PASSWORD
    Description The password for the specific key within the KeyStore (leave blank if the key has no password).
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.keypass =

    34.86.6Property: TLS KeyStore Password

     
    Property Name TLS KeyStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS KeyStore (leave blank if the store has no password).
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.keystore.password =

    34.86.7Property: TLS Cipher Blacklist

     
    Property Name TLS Cipher Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_blacklist =

    34.86.8Property: TLS Cipher Whitelist

     
    Property Name TLS Cipher Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.cipher_whitelist =

    34.86.9Property: TLS Protocol Blacklist

     
    Property Name TLS Protocol Blacklist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_blacklist =

    34.86.10Property: TLS Protocol Whitelist

     
    Property Name TLS Protocol Whitelist
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.protocol.protocol_whitelist =

    34.86.11Property: TLS TrustStore Filename

     
    Property Name TLS TrustStore Filename
    Property Key
    Property Type Resource Path
    Description The filename for the TLS TrustStore used to hold trusted certificates for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.file = classpath:truststore.p12

    34.86.12Property: TLS TrustStore Password

     
    Property Name TLS TrustStore Password
    Property Key
    Property Type PASSWORD
    Description The password for the TLS TrustStore (leave blank if the store has no password).
    Applies to Modules
    • Application Gallery
    • CDS-Hooks REST Endpoint
    • FHIR Gateway REST Endpoint
    • FHIR REST Endpoint (DSTU2)
    • FHIR REST Endpoint (R3)
    • FHIR REST Endpoint (R4)
    • FHIRWeb Console
    • HL7 v2.x Listening Endpoint
    • HL7 v2.x Sending Endpoint
    • Hybrid Providers REST Endpoint
    • JSON Admin API
    • Package Registry Endpoint
    • SMART App Host (Deprecated)
    • SMART Outbound Security
    • Subscription Websocket Endpoint
    Default Value (no default)
    Example Property 
    module.[MODULE_ID].config.tls.truststore.password =
       34.85    Two Factor Authentication
  • Configuration Categories
  • 34.0 Web Admin Console Settings
  • 34.1 App Gallery
  • 34.2 Authentication Callback Scripts
  • 34.3 Auth: General for APIs
  • 34.4 User Authentication
  • 34.5 Auth: HTTP Basic
  • 34.6 Auth: OpenID Connect
  • 34.7 Browser Syntax Highlighting
  • 34.8 Capability Statement (metadata)
  • 34.9 CDS Hooks
  • 34.10 Channel Import
  • 34.11 Channel Retry
  • 34.12 Cluster Manager Maintenance
  • 34.13 Cluster Manager Message Broker
  • 34.14 Cluster Manager Kafka
  • 34.15 Credentials
  • 34.16 Cross-Origin Resource Sharing (CORS)
  • 34.17 Database
  • 34.18 ETL Import: CSV Properties
  • 34.19 ETL Import: Source
  • 34.20 FHIR Binary Storage
  • 34.21 FHIR Bulk Operations
  • 34.22 FHIR Configuration
  • 34.23 FHIR Capability Statement
  • 34.24 FHIR Consent Service
  • 34.25 FHIR Endpoint Terminology
  • 34.26 FHIR LiveBundle Service
  • 34.27 FHIR Endpoint Conversion
  • 34.28 FHIR Endpoint Security
  • 34.29 Interceptors
  • 34.30 FHIR Endpoint Partitioning and Multitenancy
  • 34.31 FHIR Gateway Config
  • 34.32 FHIR MDM Server
  • 34.33 FHIR Storage Partitioning and Multitenancy
  • 34.34 FHIR Storage Package Registry
  • 34.35 Versioned References
  • 34.36 FHIR Performance
  • 34.37 FHIR Performance Tracing
  • 34.38 FHIR Realtime Export
  • 34.39 FHIR Resource Types
  • 34.40 FHIR REST Endpoint
  • 34.41 FHIR Search
  • 34.42 FHIR Interceptors
  • 34.43 FHIR Repository Validation
  • 34.44 FHIR Subscription Persistence
  • 34.45 FHIR Subscription Delivery
  • 34.46 FHIR Validation Services
  • 34.47 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 34.48 HL7 v2.x to FHIR Mapper - General
  • 34.49 HL7 v2.x Mapper - Medications
  • 34.50 HL7 v2.x to FHIR Mapper - OBR
  • 34.51 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 34.52 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 34.53 HL7 v2.x to FHIR Mapper - PV1
  • 34.54 HL7 v2.x Listener Script
  • 34.55 HL7 v2.x MLLP Listener
  • 34.56 FHIR to HL7 v2.x Mapper Script
  • 34.57 HL7 v2.x MLLP Sender
  • 34.58 HTTP Access Log
  • 34.59 HTTP Listener
  • 34.60 HTTP Request Pool
  • 34.61 HTTP Security
  • 34.62 Hybrid Providers Definitions
  • 34.63 Initial User Seeding
  • 34.64 JSON Web KeySet (JWKS)
  • 34.65 LDAP Authentication
  • 34.66 Lucene FullText Indexing
  • 34.67 Narrative Generator
  • 34.68 Master Data Management
  • 34.69 OpenID Connect (OIDC)
  • 34.70 Realtime Export
  • 34.71 Request Validating
  • 34.72 Security Inbound Script
  • 34.73 Inbound SMART on FHIR Authentication
  • 34.74 Inbound SMART on FHIR Endpoints
  • 34.75 OpenID Connect Token Validation
  • 34.76 SAML Provider
  • 34.77 OAuth2/OIDC Federation
  • 34.78 SMART Authorization
  • 34.79 SMART Definitions Seeding
  • 34.80 Sessions
  • 34.81 SMART Outbound Security: Callback Script
  • 34.82 SMART Outbound Security: CODAP
  • 34.83 SMART Outbound Security: Login Skin
  • 34.84 SMART Outbound Security: Terms of Service
  • 34.85 Two Factor Authentication
  • 34.86 TLS / SSL (Encryption)
  • 34.87 Trusted Client
  • 34.88 Transaction Log
  • 34.89 User Self Registration
    • 34.87    Trusted Client