Default certificates are automatically generated by APICUP when the subsystem is
installed.
About this task
Important:
- Customization of public certificates and public user-facing certificates is recommended.
Customization of internal certificates is strongly discouraged.
- To view a list of public, public user-facing, and internal certificates, see Certificate management: Read This First. For details on each certificate, see Certificate reference.
Default certificates are generated for each subsystem by the apicup subsys
install command. If certificates are not explicitly set by using the apicup certs
set command, then default certificates are automatically generated by APICUP. The default
certificates are self-signed, so they might not provide a level of trust suitable for external
communication.
Procedure
-
Enter the settings for the subsystem by using
apicup subsys set <SUBSYS>
and validate the subsystem settings by using apicup subsys get <SUBSYS>
--validate. The subsystem must pass validation before setting the
certificates.
- Install the subsystem by using the
apicup subsys install command.
- The default certificates are created for the subsystem. A default certificate is a
private certificate that is uniquely generated by the installer for this project directory, they are
self-signed and always pass validation.
- List all certificates that are set for a subsystem by using the
apicup certs list
command.
apicup certs list –help
List all configured certificates
Usage:
apicup certs list SUBSYS [flags]
Flags:
-h, --help help for list
Global Flags:
--accept-license Accept the license for API Connect
--debug Enable debug logging
Following is example output from the
apicup certs list
command:
Common certificates
===================
Name Summary Validation errors
---- ------- -----------------
analytics-client-client CN: analytics-client-client
SubjectKeyId: D9:DE:C8:6A:E9:E1:3E:30:48:71:E0:63:E3:09:51:AA
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
analytics-ingestion-client CN: analytics-ingestion-client
SubjectKeyId: 27:60:BF:DF:6C:34:29:FE:8E:83:21:1B:C0:14:B2:9E
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
ingress-ca CN: ingress-ca
SubjectKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
AuthorityKeyId: 5E:6D:5C:6E:2C:BE:50:F3:4E:EE:FD:02:76:86:6C:5A
portal-client CN: portal-client
SubjectKeyId: 08:A8:57:A5:99:BC:79:FA:14:59:A4:98:6D:F7:43:C4
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
root-ca CN: root-ca
SubjectKeyId: 5E:6D:5C:6E:2C:BE:50:F3:4E:EE:FD:02:76:86:6C:5A
AuthorityKeyId:
Subsystem mgmt certificates
===========================
Name Summary Validation errors
---- ------- -----------------
api-manager-ui CN: api-manager-ui
SubjectKeyId: A3:C1:A1:4F:21:23:21:2F:1F:D7:87:30:E1:1E:33:A3
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
appliance-client CN: appliance-client
SubjectKeyId: 5C:FB:0F:5D:B8:BF:6F:89:CB:25:DD:54:31:A7:B4:63
AuthorityKeyId: 60:D9:B2:37:0B:17:FB:CD:FC:49:29:32:F6:A6:49:7C
cloud-admin-ui CN: cloud-admin-ui
SubjectKeyId: E7:E2:D6:35:95:6B:D4:3B:F7:F7:9F:5F:DD:B8:02:E9
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
consumer-api CN: consumer-api
SubjectKeyId: 2A:80:EB:A6:31:9E:A5:C6:41:D9:1F:69:D1:9E:31:75
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E
encryption-secret 2D:F9:61:0C:45:CB:6E:90:85:E0:0E:D3:DF:CC:B4:47
k8s-ca CN: k8s-ca
SubjectKeyId: 60:D9:B2:37:0B:17:FB:CD:FC:49:29:32:F6:A6:49:7C
AuthorityKeyId:
platform-api CN: platform-api
SubjectKeyId: 6D:E7:60:21:81:7E:F6:40:A4:9A:2F:88:35:D1:18:04
AuthorityKeyId: 0B:37:61:5F:81:B3:67:5B:E0:F1:05:A6:6E:08:D5:8E