REST Admin SSL files type
Use the REST Admin SSL files
type to create
configurations that contain certificates that can be used by the integration server or integration runtime administration REST API and for secure
interactions between the App Connect Dashboard and an integration server or integration runtime.
Summary of key details for the configuration type
File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration server or integration runtime |
---|---|---|---|
ZIP (Contains a set of PEM files) |
Yes | /home/aceuser/adminssl/ | 1 |
Creating the file for a configuration object of type REST Admin SSL
files
The REST Admin SSL files
type requires a ZIP file that contains a set of PEM
files for use by the administration REST API. The administration REST API can be used to create or report
security credentials for an integration server or integration runtime.
The .zip file contents are extracted into the directory /home/aceuser/adminssl, and can be referenced from the server.conf.yaml file to secure the REST API. To fully use this configuration, modify the server.conf.yaml file to reference the PEM files.
The maximum recommended size of a .zip file for a configuration is approximately 660 KB.
Only one configuration of type REST Admin SSL files
can be specified per integration server or integration runtime.
REST
Admin SSL files
is automatically created and applied to that integration server or integration runtime. The configuration object is generated by using a
predefined .zip file that contains self-signed certificates, together with a
secret that stores the contents of this .zip file.
- For integration servers, the configuration object is created with a
metadata.name value of
integrationServerName-is-adminssl
, where integrationServerName is the assigned name of the integration server. The secret is also generated with the nameintegrationServerName-is-adminssl
, which is then set as the spec.secretName value. - For integration runtimes, the configuration object is created with a
metadata.name value of
integrationRuntimeName-ir-adminssl
, where integrationRuntimeName is the assigned name of the integration runtime. The secret is also generated with the nameintegrationRuntimeName-ir-adminssl
, which is then set as the spec.secretName value.
- ca.crt.pem: The certificate authority (CA) certificate
- tls.crt.pem: The TLS certificate
- tls.key.pem: The TLS key
In the YAML view for an integration server definition, this default configuration is enabled through the following custom resource (CR) setting, which is set totrue
by default:spec: adminServerSecure: true
There is no equivalent CR setting that you can manually apply to an integration runtime. A default
integrationRuntimeName-ir-adminssl
configuration object is always generated if you do not choose to create your own. (If you are creating your own configuration object, give it an assigned name ofintegrationRuntimeName-ir-adminssl
.)
It is expected that you create a configuration object of type
REST Admin SSL files
only if you want to use certificates from your own trusted CA
instead of using the pre-supplied self-signed certificates. To set up REST Admin SSL with
certificates that are signed by your preferred CA, complete the following steps:
- Create your certificate PEM files with identical names as the default names that are used for an auto-generated configuration: ca.crt.pem, tls.crt.pem, and tls.key.pem.
- Create a configuration object of type
REST Admin SSL files
, as described in Configuration reference: Creating an instance.