REST Admin SSL files type
Use the REST Admin SSL files type to create
configurations that contain certificates which can be used by the integration server administration
REST API and for secure interactions between the App Connect Dashboard and an
integration server.
Summary of key details for the configuration type
| File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration server |
|---|---|---|---|
| ZIP (Contains a set of PEM files) |
Yes | /home/aceuser/adminssl/ | 1 |
Creating the file for a configuration object of type REST Admin SSL
files
The REST Admin SSL files type requires a ZIP file that contains a set of PEM
files for use by the integration server administration REST API. The administration REST API can be used to create or report
security credentials for an integration server.
The ZIP file contents will be extracted into the directory /home/aceuser/adminssl, and can be referenced from the server.conf.yaml file to secure the REST API. To fully use this configuration, modify the server.conf.yaml file to reference the PEM files.
The maximum recommended size of a ZIP file for a configuration is approximately 660 KB.
Only one configuration of type REST Admin SSL files can be specified per
integration server.
By default, when you deploy an integration server, a configuration
object of type REST Admin SSL files is automatically created and applied to that
integration server. The configuration object is generated by using a predefined ZIP file that
contains self-signed certificates, together with a secret that stores the contents of this ZIP file.
The configuration object is created with a metadata.name value of
integrationServerName-is-adminssl, where
integrationServerName is the assigned name of the integration server. The secret
is also generated with the name
integrationServerName-is-adminssl, which is then set as the
spec.secretName value. The predefined ZIP file contains three PEM files, which
are added to the /home/aceuser/adminssl directory:
- ca.crt.pem: The certificate authority (CA) certificate
- tls.crt.pem: The TLS certificate
- tls.key.pem: The TLS key
In the YAML view for the integration server's definition, this default configuration is enabled through the following setting, which is set totrueby default:spec: adminServerSecure: true
It is expected that you would create a configuration object of type
REST Admin SSL files only if you want to use certificates from your own trusted CA
instead of using the pre-supplied self-signed certificates. To set up REST Admin SSL with
certificates that are signed by your preferred CA, complete the following steps:
- Create your certificate PEM files with identical names as the default names that are used for an auto-generated configuration: ca.crt.pem, tls.crt.pem, and tls.key.pem.
- Create a configuration object of type
REST Admin SSL files, as described in Configuration reference: Creating an instance.