SECURE CONNECTIONS

| FIELD | DESCRIPTION | TYPE | DEFAULT VALUE(S) | ALLOWED VALUE(S) |
| --- | --- | --- | --- | --- |
| enabled | whether this part of the policy will be enforced | Boolean | true | true, false |
| compensatingControl | whether there's another mechanism to handle this (elsewhere) in the stack | Boolean | false | true, false |
| data | certificate information | | | |
| key | path to key file | String | "/path/to/key" | String or null* |
| cert | path to certificate file | String | "/path/to/cert" | String or null* |
| keyExchange | path to key exchange file | String | "/path/to/strong/exchange/key" | String or null* |
| ciphers | list of encryption ciphers to use | String Array | [] (nodejs default ciphers) | The full suite of ciphers supported in openssl (run openssl ciphers at command prompt) |
| redirectSecure | creates an HTTP server for redirection | Boolean | true | true, false |
| rejectWeakCiphers | forces the HTTPS server to formally reject insecure ciphers (key length less than 128 bits, 3DES) | Boolean | true | true, false |
| rejectInsecureTLS | forces the HTTPS server to use TLS 1.1 or later | Boolean | true | true, false |
| forceHttps | creates an HTTPS server and forces all traffic to it | Boolean | true | true, false |

* This information should be treated as highly sensitive (aka 'SECRET'), and putting the full path to these files is not recommended. Instead, leave these values as null and include the path values in your environment variables. See 'Secrets Management' for more details.
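
One way the fields above could map onto Node's TLS server options, with null paths resolved from the environment as the footnote recommends. This is an added example, not the project's own code; the environment variable names, the `buildTlsSettings` helper and the reading of keyExchange as an optional DH parameter file are assumptions.

```javascript
const tls = require('node:tls');

// Constructed policy object using the field names from the table above.
const samplePolicy = {
  enabled: true,
  data: { key: null, cert: null, keyExchange: null },
  ciphers: [],
  rejectWeakCiphers: true,
  rejectInsecureTLS: true,
};

// OpenSSL cipher-list exclusions for the classes the table names
// (3DES, key length under 128 bits), plus unauthenticated/null suites.
const WEAK_CIPHER_EXCLUSIONS = ['!3DES', '!DES', '!LOW', '!EXPORT', '!aNULL', '!eNULL'];

// Hypothetical environment variable names; the page does not define them.
const ENV_NAMES = {
  key: 'TLS_KEY_PATH',
  cert: 'TLS_CERT_PATH',
  keyExchange: 'TLS_DHPARAM_PATH',
};

// A null path in the policy means "look it up in the environment".
function resolvePath(field, policy, env, required) {
  const value = policy.data[field] ?? env[ENV_NAMES[field]];
  if (!value && required) {
    throw new Error(`no ${field} path in policy or ${ENV_NAMES[field]}`);
  }
  return value || undefined;
}

// Translate the policy into settings for https.createServer / tls.createServer.
function buildTlsSettings(policy, env = process.env) {
  if (!policy.enabled) return null; // this part of the policy is not enforced
  // An empty list means the Node.js default ciphers, as in the table.
  const base = policy.ciphers.length ? policy.ciphers : tls.DEFAULT_CIPHERS.split(':');
  const ciphers = policy.rejectWeakCiphers ? base.concat(WEAK_CIPHER_EXCLUSIONS) : base;
  return {
    keyPath: resolvePath('key', policy, env, true),
    certPath: resolvePath('cert', policy, env, true),
    dhparamPath: resolvePath('keyExchange', policy, env, false), // assumed optional
    ciphers: ciphers.join(':'),
    honorCipherOrder: true, // the server's cipher order wins over the client's
    // The table's floor is TLS 1.1. RFC 8996 deprecates TLS 1.0 and 1.1,
    // so 'TLSv1.2' is the stricter value to use here.
    minVersion: policy.rejectInsecureTLS ? 'TLSv1.1' : undefined,
  };
}
```

The files named by `keyPath` and `certPath` would be read at startup and passed as `key` and `cert`, together with `ciphers`, `honorCipherOrder` and `minVersion`, to `https.createServer`.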