- URL: https://<sslCertificates-url>/update (POST only)
- Required Capability: Single machine environment | Default administrator role | Security and infrastructure privilege
- Version Introduced: 10.3
Description
This operation is used to configure the web server certificate, TLS protocols, and cipher suites used by the portal.
Note:
This operation is not accessible for highly available portals. In such instances, a counterpart Update Web Server Certificate operation should be used in its place for a high availability workflow. For more information on high availability, please see Import a certificate into the portal.
Request parameters
Parameter | Details |
---|---|
webServerCertificateAlias (Required) | The name of the certificate. The certificate must be present in the portal. Example |
sslProtocols | The TLS protocols the portal will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas. Note: Ensure that the web server hosting your Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8 or later. Example |
cipherSuites | The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas. Example |
HSTSEnabled | A Boolean value that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information. The default is false. Values: true \| false Example |
f | The response format. The default response format is html. Values: html \| json \| pjson |
Valid cipher suites
The following cipher suites are enabled by default in the portal:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
The following cipher suites are not enabled by default, but are valid and can be added using this operation:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
Example usage
Below is a sample POST request for update:
POST /webadaptor/portaladmin/security/sslCertificates/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

webServerCertificateAlias=myselfsignedcertificate&sslProtocols=TLSv1.2&HSTSEnabled=false&cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA&f=json
JSON Response example
{"status": "success"}
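The following Python is an added example, not part of the original page or the portal's own tooling. It checks requested cipher suites against the lists above and builds the form body for the update request, refusing suites that use 3DES, CBC mode or static RSA key exchange and any protocol other than TLSv1.2. The refusal policy and the function names are assumptions of this example; the suite used in the sample request above, TLS_RSA_WITH_AES_256_CBC_SHA, would be refused by it.

```python
from urllib.parse import urlencode

# Suite names copied from this page's "Valid cipher suites" lists.
VALID_SUITES = set("""
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
""".split())


def weaknesses(suite):
    """Reasons a suite falls short of a forward-secret AEAD suite (assumed policy)."""
    reasons = []
    if "3DES" in suite:
        reasons.append("3DES 64-bit block cipher")
    if "_CBC_" in suite:
        reasons.append("CBC mode, not AEAD")
    if "DHE_" not in suite:  # neither ECDHE nor DHE key exchange
        reasons.append("static RSA key exchange, no forward secrecy")
    return reasons


def build_update_body(alias, suites, protocols=("TLSv1.2",), hsts=False):
    """Return the form body for the update operation, or raise on a weak setting."""
    unknown = [s for s in suites if s not in VALID_SUITES]
    if not suites or not protocols or unknown:
        raise ValueError(f"empty list, or suites not in the page's valid list: {unknown}")
    problems = [f"{p}: legacy protocol" for p in protocols if p != "TLSv1.2"]
    problems += [f"{s}: {'; '.join(weaknesses(s))}" for s in suites if weaknesses(s)]
    if problems:
        raise ValueError("refused by policy: " + " | ".join(problems))
    return urlencode({
        "webServerCertificateAlias": alias,
        "sslProtocols": ",".join(protocols),
        "cipherSuites": ",".join(suites),
        "HSTSEnabled": str(hsts).lower(),
        "f": "json",
    }, safe=",")  # keep commas literal, as in the page's sample body
```

Confirm that the web server hosting the Web Adaptor supports the remaining suites before applying a narrowed list, as the sslProtocols note above requires for protocols.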