Configuring Transport Layer Security (TLS/SSL) in Ballerina Client

Bhashinee Nirmali
Oct 2, 2019
https://introvertedengineer.com/2018/06/11/ssl-certificate-validation-failing/

To have a secure connection between the client and server, you need to enable Transport Layer Security (TLS), which is the successor of Secure Sockets Layer (SSL). Both are frequently referred to as SSL. In this article, we focus on the ways in which a Ballerina client can call HTTPS back-ends.

The Ballerina client has three options for SSL validation.

1. Provide a truststore containing the back-end server’s certificate.
2. Directly provide the server’s certificate without having it inside a truststore.
3. Disable the SSL validation.

Let’s discuss them one by one.

1. Provide a truststore containing the back-end server’s certificate.

As you already know, when connecting to an HTTPS back-end there has to be a way of configuring the certificates that the client trusts for SSL validation. With this option, you keep your server’s certificate inside a keystore file. A truststore is just the name for a keystore that holds the certificates you trust.

The configuration would be similar to the following.

You can configure the path of the truststore along with its password.

2. Directly provide the server’s certificate without having it inside a truststore.

With this option, you can directly configure the path of the certificate file. This can be the server’s single certificate or a chain of certificates including root and intermediary certificates.

3. Disable the SSL validation.

This option invokes the service in an insecure manner: certificate validation is ignored during the SSL handshake. It is not recommended for production environments.
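The three options side by side, as an added example that is not the author's original code. It assumes the Ballerina 1.0-era `ballerina/http` API (`http:ClientConfiguration` with `secureSocket.trustStore`, `secureSocket.trustedCertFile` and `secureSocket.disable`); the file paths, password, URL and resource path are placeholders.

```ballerina
import ballerina/http;
import ballerina/io;

// Option 1: validate the server against certificates held in a truststore.
// Path and password are placeholders (assumptions), not values from the article.
http:ClientConfiguration trustStoreConfig = {
    secureSocket: {
        trustStore: {
            path: "/path/to/truststore.p12",
            password: "<truststore-password>"
        }
    }
};

// Option 2: validate against a certificate file directly (a single server
// certificate or a chain). The path is a placeholder.
http:ClientConfiguration certFileConfig = {
    secureSocket: {
        trustedCertFile: "/path/to/server-cert.crt"
    }
};

// Option 3: certificate validation switched off. The handshake succeeds for
// any certificate, so the client cannot tell the real back-end from an
// impostor. Not for production environments.
http:ClientConfiguration insecureConfig = {
    secureSocket: {
        disable: true
    }
};

public function main() {
    // Placeholder back-end URL; swap the second argument to try another option.
    http:Client backend = new ("https://localhost:9095", trustStoreConfig);

    var response = backend->get("/hello");
    if (response is http:Response) {
        io:println("Handshake succeeded, status: ", response.statusCode);
    } else {
        // With options 1 and 2, an untrusted server certificate ends up here.
        io:println("Request failed: ", response);
    }
}
```

Field names in `secureSocket` changed in later Ballerina releases, so check them against the version you run.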

This is just a quick walkthrough to give an idea of how to work with HTTPS back-ends from Ballerina clients.

Happy coding with Ballerina!
