Integration runtime configuration typeIntegration server configuration type

REST Admin SSL files type

Use the REST Admin SSL files type to create configurations that contain certificates that can be used by the integration server or integration runtime administration REST API and for secure interactions between the App Connect Dashboard and an integration server or integration runtime.


Summary of key details for the configuration type

File name or type Contains secrets Path extracted/imported to Maximum allowed per integration server or integration runtime
ZIP

(Contains a set of PEM files)

 Yes /home/aceuser/adminssl/ 1

Creating the file for a configuration object of type REST Admin SSL files

The REST Admin SSL files type requires a ZIP file that contains a set of PEM files for use by the administration REST API. The administration REST API can be used to create or report security credentials for an integration server or integration runtime.

The .zip file contents are extracted into the directory /home/aceuser/adminssl, and can be referenced from the server.conf.yaml file to secure the REST API. To fully use this configuration, modify the server.conf.yaml file to reference the PEM files.

The maximum recommended size of a .zip file for a configuration is approximately 660 KB.

Only one configuration of type REST Admin SSL files can be specified per integration server or integration runtime.

Note:
By default, when you deploy an integration server or integration runtime, a configuration object of type REST Admin SSL files is automatically created and applied to that integration server or integration runtime. The configuration object is generated by using a predefined .zip file that contains self-signed certificates, together with a secret that stores the contents of this .zip file.
  • For integration servers, the configuration object is created with a metadata.name value of integrationServerName-is-adminssl, where integrationServerName is the assigned name of the integration server. The secret is also generated with the name integrationServerName-is-adminssl, which is then set as the spec.secretName value.
  • For integration runtimes, the configuration object is created with a metadata.name value of integrationRuntimeName-ir-adminssl, where integrationRuntimeName is the assigned name of the integration runtime. The secret is also generated with the name integrationRuntimeName-ir-adminssl, which is then set as the spec.secretName value.
The predefined .zip file contains three PEM files, which are added to the /home/aceuser/adminssl directory:
  • ca.crt.pem: The certificate authority (CA) certificate
  • tls.crt.pem: The TLS certificate
  • tls.key.pem: The TLS key

    In the YAML view for an integration server definition, this default configuration is enabled through the following custom resource (CR) setting, which is set to true by default:
    spec:
  adminServerSecure: true

    There is no equivalent CR setting that you can manually apply to an integration runtime. A default integrationRuntimeName-ir-adminssl configuration object is always generated if you do not choose to create your own. (If you are creating your own configuration object, give it an assigned name of integrationRuntimeName-ir-adminssl.)

It is expected that you create a configuration object of type REST Admin SSL files only if you want to use certificates from your own trusted CA instead of using the pre-supplied self-signed certificates. To set up REST Admin SSL with certificates that are signed by your preferred CA, complete the following steps:

  1. Create your certificate PEM files with identical names as the default names that are used for an auto-generated configuration: ca.crt.pem, tls.crt.pem, and tls.key.pem.
  2. Create a configuration object of type REST Admin SSL files, as described in Configuration reference: Creating an instance.