Configuration

We follow the principle of "convention before configuration".

Certificate pinning

Enabling and disabling encryption cannot be configured on the client side. If you need to disable encryption, please get in contact with us. Additional log information allow you to transparently see the encryption status.

You can check for the following log messages which indicate if encryption is enabled and if it is being used. The following log message indicates that the DMC server is configured to use TLS encryption:

Fri Jan 08 13:10:23 CET 2021 | INFO |SocketReader | Encrypted connection requested!

A TLS connection attempt is indicated by the term "using TLS" in the log messages for the SocketReader.

SocketReader - try to connect to: 128.127.8.141 on port: 41003 (using TLS) SocketReader - connected to 128.127.8.141:41003 via TLS encryption.

Please note that IP and port might differ in your log.

The following log message indicates a completed, successful TLS handshake and the used cipher:

Fri Jan 08 13:10:23 CET 2021 | INFO | SocketReader | tryConnectTLS | Used cipher: TLSv1.2/TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Certificate pinning

Certificate pinning is enabled by default as we recommend.

If you need to disable certificate pinning, go to the settings.properties configuration file of the DMC client and add the following entry:

dmc.disableCertificateCheck=true

Valid values for disableCertificateCheck are true and false, where false is the default value.

If certificate pinning is enabled (disableCertificateCheck=false), then the validity of the entire entire certificate chain is checked. The certificate authority (CA) is checked against the list of trusted CAs from your JVM. In addition, each certificate is validated if it has already expired.

The fingerprints of the primary and secondary server are already preconfigured. If you need to override them, use the colon hexidecimal notation: