
4.2 Proxy Configuration

This section describes how to set up the TLS proxy with post-quantum (PQ) cryptography support.

Configuration File

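Location: %SERVICES_ROOT%\Proxy\config.json

This file holds the password for the server certificate (CertificatePassword), so read access to it should be limited to the account the proxy runs under.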

{
  "Proxy": {
    "ListenPort": 443,
    "TLS": {
      "Enabled": true,
      "Protocol": "TLS1.3",
      "Certificate": "%CERTS_PATH%\\server.pfx",
      "CertificatePassword": "...",
      "ClientCertificateRequired": true,
      "ClientCertificateValidation": "ChainTrust"
    },
    "PQCrypto": {
      "KeyExchange": "ML-KEM-768",
      "Signature": "ML-DSA-65",
      "HybridMode": true
    }
  }
}

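Routing Rules

Each rule pairs a Match condition with a Target. In the example below, /api/ requests carrying the header X-Gateway-Request: true and all /odata/ requests go to the named pipe DataGatewayApi; everything else goes to the default HTTP target. The X-Gateway-Request header is part of the incoming request, so it selects a route but should not be treated as an authorization check.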

{
  "Routing": {
    "Rules": [
      {
        "Match": {
          "PathPrefix": "/api/",
          "Headers": { "X-Gateway-Request": "true" }
        },
        "Target": {
          "Type": "NamedPipe",
          "PipeName": "DataGatewayApi"
        }
      },
      {
        "Match": {
          "PathPrefix": "/odata/"
        },
        "Target": {
          "Type": "NamedPipe",
          "PipeName": "DataGatewayApi"
        }
      },
      {
        "Match": {
          "Default": true
        },
        "Target": {
          "Type": "Http",
          "Url": "http://localhost:8443"
        }
      }
    ]
  }
}

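Certificate Validation

Client certificates are validated against the listed trusted roots, with revocation checked online via the CRL and OCSP endpoints. The example does not show what happens when those endpoints cannot be reached; confirm whether the proxy then rejects or accepts the certificate.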

{
  "CertificateValidation": {
    "TrustedRoots": [
      "%CERTS_PATH%\\CA\\root-ca.crt"
    ],
    "RevocationCheck": {
      "Mode": "Online",
      "CrlEndpoint": "http://crl.intern/ca.crl",
      "OcspEndpoint": "http://ocsp.intern/"
    },
    "ValidationServer": {
      "Enabled": true,
      "Url": "https://trust.intern/api/validate"
    }
  }
}