Secure the PLOSSYS 5 Services¶

For security reasons, we strongly recommend configuring the TLS encryption and regenerating the client secret in the OIDC identity provider.

Configure the TLS Encryption¶

For securing the connections between the services on the server, the certificate has to contain localhost for self-signed certificates and the Consul-specific server name (for example, <hostname>.node.dc1.consul) for any certificate, see the Requirement.
After the Secure PLOSSYS Administrator step, the certificate files are already located in C:\ProgramData\SEAL Systems\config\tls\. You have to specify the directory only:
- TLS_DIR Directory for storing the files necessary for secure transfer within the PLOSSYS 5 services.
Example - setting key via PLOSSYS CLI
```
plossys config set TLS_DIR "C:\ProgramData\SEAL Systems\config\tls" --insecure
```
Hint - min TLS version

To set the minimum TLS protocol version to be used between services, use the TLS_MIN_VERSION.
Restart PLOSSYS 5.

If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.

In the OIDC identity provider, regenerate the secret for the seal-plossys-cli client, refer to the SEAL Interfaces for OIDC documentation.
For the PLOSSYS CLI call, specify the regenerated client secret in the following Windows environment variable:
- AUTH_CLIENT_SECRET: Client secret generated in the OIDC identity provider for the seal-plossycli client.

Continue with: Secure Consul