On this page:
   24.68    Two Factor Authentication
  • Configuration Categories
  • 24.0 Web Admin Console Settings
  • 24.1 Authentication Callback Scripts
  • 24.2 Auth: General for APIs
  • 24.3 Auth: General for Web
  • 24.4 Auth: HTTP Basic
  • 24.5 Auth: OpenID Connect
  • 24.6 Browser Syntax Highlighting
  • 24.7 Capability Statement (metadata)
  • 24.8 Cluster Manager Subscription Messaging
  • 24.9 Cluster Manager Maintenance
  • 24.10 Cluster Manager Message Broker
  • 24.11 Cluster Manager Kafka
  • 24.12 Credentials
  • 24.13 Cross-Origin Resource Sharing (CORS)
  • 24.14 Database
  • 24.15 ETL Import: CSV Properties
  • 24.16 ETL Import: Source
  • 24.17 FHIR Binary Storage
  • 24.18 FHIR Bulk Operations
  • 24.19 FHIR Configuration
  • 24.20 FHIR Consent Service
  • 24.21 FHIR LiveBundle Service
  • 24.22 FHIR EMPI Server
  • 24.23 FHIR Endpoint Conversion
  • 24.24 FHIR Endpoint Security
  • 24.25 Interceptors
  • 24.26 FHIR Gateway Target
  • 24.27 FHIR Gateway Cache
  • 24.28 FHIR Multitenancy
  • 24.29 FHIR Performance
  • 24.30 FHIR Performance Tracing
  • 24.31 FHIR Resource Types
  • 24.32 FHIR REST Endpoint
  • 24.33 FHIR Search
  • 24.34 FHIR Interceptors
  • 24.35 FHIR Subscription Persistence
  • 24.36 FHIR Subscription Delivery
  • 24.37 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 24.38 HL7 v2.x to FHIR Mapper - General
  • 24.39 HL7 v2.x Mapper - Medications
  • 24.40 HL7 v2.x to FHIR Mapper - OBR
  • 24.41 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 24.42 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 24.43 HL7 v2.x to FHIR Mapper - PV1
  • 24.44 HL7 v2.x Listener Script
  • 24.45 HL7 v2.x MLLP Listener
  • 24.46 FHIR to HL7 v2.x Mapper Script
  • 24.47 HL7 v2.x MLLP Sender
  • 24.48 HTTP Access Log
  • 24.49 HTTP Listener
  • 24.50 HTTP Request Pool
  • 24.51 HTTP Security
  • 24.52 Hybrid Providers Definitions
  • 24.53 Initial User Seeding
  • 24.54 JSON Web KeySet (JWKS)
  • 24.55 LDAP Authentication
  • 24.56 Lucene FullText Indexing
  • 24.57 Narrative Generator
  • 24.58 OpenID Connect (OIC)
  • 24.59 Request Validating
  • 24.60 Inbound SMART on FHIR Authentication
  • 24.61 Inbound SMART on FHIR Endpoints
  • 24.62 Security Inbound Script
  • 24.63 SMART Authorization
  • 24.64 Sessions
  • 24.65 SMART Outbound Security: Callback Script
  • 24.66 SMART Outbound Security: CODAP
  • 24.67 SMART Outbound Security: Login Skin
  • 24.68 Two Factor Authentication
  • 24.69 TLS / SSL (Encryption)
  • 24.70 Trusted Client
  • 24.71 Trusted Client
  • 24.72 Miscellaneous Categories
    • 24.70    Trusted Client   
       Table of Contents

    TLS / SSL (Encryption)

    24.69TLS / SSL (Encryption)

     

    The TLS / SSL (Encryption) configuration category includes the following configurable options:

    • TLS KeyStore Filename

    • TLS KeyStore Password

    • TLS KeyStore Key Alias

    • TLS KeyStore Key Password

    • TLS Enabled

    • TLS Client Authentication

    • TLS TrustStore Filename

    • TLS TrustStore Password

    • TLS Cipher Whitelist

    • TLS Cipher Blacklist

    • TLS Protocol Whitelist

    • TLS Protocol Blacklist

    24.69.1Property: TLS KeyStore Filename

     
    Property Key
    Property Type LOCAL_FILEPATH
    Description The filename for the TLS KeyStore used to hold private keys for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Default Value (no default)
    Is Optional? Yes

    24.69.2Property: TLS KeyStore Password

     
    Property Key
    Property Type PASSWORD
    Description The password for the TLS KeyStore (leave blank if the store has no password).
    Default Value (no default)
    Is Optional? Yes

    24.69.3Property: TLS KeyStore Key Alias

     
    Property Key
    Property Type STRING
    Description The alias for the specific key within the KeyStore that should be selected for incoming TLS connections.
    Default Value (no default)
    Is Optional? Yes

    24.69.4Property: TLS KeyStore Key Password

     
    Property Key
    Property Type PASSWORD
    Description The password for the specific key within the KeyStore (leave blank if the key has no password).
    Default Value (no default)
    Is Optional? Yes

    24.69.5Property: TLS Enabled

     
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require TLS (i.e. SSL or HTTPS) encryption for incoming connections?
    Default Value false
    Is Optional? No

    24.69.6Property: TLS Client Authentication

     
    Property Key
    Property Type BOOLEAN
    Description Should the listener for this module require incoming connections to authenticate using TLS Client Authentication?
    Default Value false
    Is Optional? No

    24.69.7Property: TLS TrustStore Filename

     
    Property Key
    Property Type LOCAL_FILEPATH
    Description The filename for the TLS TrustStore used to hold trusted certificates for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
    Default Value (no default)
    Is Optional? Yes

    24.69.8Property: TLS TrustStore Password

     
    Property Key
    Property Type PASSWORD
    Description The password for the TLS TrustStore (leave blank if the store has no password).
    Default Value (no default)
    Is Optional? Yes

    24.69.9Property: TLS Cipher Whitelist

     
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Is Optional? Yes

    24.69.10Property: TLS Cipher Blacklist

     
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of ciphers that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Is Optional? Yes

    24.69.11Property: TLS Protocol Whitelist

     
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Is Optional? Yes

    24.69.12Property: TLS Protocol Blacklist

     
    Property Key
    Property Type STRING
    Description If specified, contains a space-separated list of protocols that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
    Default Value (no default)
    Is Optional? Yes
       24.68    Two Factor Authentication
  • Configuration Categories
  • 24.0 Web Admin Console Settings
  • 24.1 Authentication Callback Scripts
  • 24.2 Auth: General for APIs
  • 24.3 Auth: General for Web
  • 24.4 Auth: HTTP Basic
  • 24.5 Auth: OpenID Connect
  • 24.6 Browser Syntax Highlighting
  • 24.7 Capability Statement (metadata)
  • 24.8 Cluster Manager Subscription Messaging
  • 24.9 Cluster Manager Maintenance
  • 24.10 Cluster Manager Message Broker
  • 24.11 Cluster Manager Kafka
  • 24.12 Credentials
  • 24.13 Cross-Origin Resource Sharing (CORS)
  • 24.14 Database
  • 24.15 ETL Import: CSV Properties
  • 24.16 ETL Import: Source
  • 24.17 FHIR Binary Storage
  • 24.18 FHIR Bulk Operations
  • 24.19 FHIR Configuration
  • 24.20 FHIR Consent Service
  • 24.21 FHIR LiveBundle Service
  • 24.22 FHIR EMPI Server
  • 24.23 FHIR Endpoint Conversion
  • 24.24 FHIR Endpoint Security
  • 24.25 Interceptors
  • 24.26 FHIR Gateway Target
  • 24.27 FHIR Gateway Cache
  • 24.28 FHIR Multitenancy
  • 24.29 FHIR Performance
  • 24.30 FHIR Performance Tracing
  • 24.31 FHIR Resource Types
  • 24.32 FHIR REST Endpoint
  • 24.33 FHIR Search
  • 24.34 FHIR Interceptors
  • 24.35 FHIR Subscription Persistence
  • 24.36 FHIR Subscription Delivery
  • 24.37 HL7 v2.x to FHIR Mapper - Forced Namespace Mode
  • 24.38 HL7 v2.x to FHIR Mapper - General
  • 24.39 HL7 v2.x Mapper - Medications
  • 24.40 HL7 v2.x to FHIR Mapper - OBR
  • 24.41 HL7 v2.x to FHIR Mapper - OBSERVATION Group
  • 24.42 HL7 v2.x to FHIR Mapper - ORDER_OBSERVATION Group
  • 24.43 HL7 v2.x to FHIR Mapper - PV1
  • 24.44 HL7 v2.x Listener Script
  • 24.45 HL7 v2.x MLLP Listener
  • 24.46 FHIR to HL7 v2.x Mapper Script
  • 24.47 HL7 v2.x MLLP Sender
  • 24.48 HTTP Access Log
  • 24.49 HTTP Listener
  • 24.50 HTTP Request Pool
  • 24.51 HTTP Security
  • 24.52 Hybrid Providers Definitions
  • 24.53 Initial User Seeding
  • 24.54 JSON Web KeySet (JWKS)
  • 24.55 LDAP Authentication
  • 24.56 Lucene FullText Indexing
  • 24.57 Narrative Generator
  • 24.58 OpenID Connect (OIC)
  • 24.59 Request Validating
  • 24.60 Inbound SMART on FHIR Authentication
  • 24.61 Inbound SMART on FHIR Endpoints
  • 24.62 Security Inbound Script
  • 24.63 SMART Authorization
  • 24.64 Sessions
  • 24.65 SMART Outbound Security: Callback Script
  • 24.66 SMART Outbound Security: CODAP
  • 24.67 SMART Outbound Security: Login Skin
  • 24.68 Two Factor Authentication
  • 24.69 TLS / SSL (Encryption)
  • 24.70 Trusted Client
  • 24.71 Trusted Client
  • 24.72 Miscellaneous Categories
    • 24.70    Trusted Client