
Update Web Server Certificate

Description

This operation is used to configure the web server certificate, TLS protocols, and cipher suites used by the portal.

Note:

This operation is not accessible for highly available portals. In such instances, a counterpart Update Web Server Certificate operation should be used in its place for a high availability workflow. For more information on high availability, please see Import a certificate into the portal.

Request parameters

Parameter | Details
webServerCertificateAlias

(Required)

The name of the certificate. The certificate must be present in the portal.

Example

webServerCertificateAlias=myselfsignedcertificate

sslProtocols

The TLS protocols the portal will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas.

Note:

Ensure that the web server hosting your Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8 or later.

Example

sslProtocols=TLSv1.2

cipherSuites

The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas.

Example

cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA

HSTSEnabled

A Boolean value that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information. The default is false.

Values: true | false

Example

HSTSEnabled=false

f

The response format. The default response format is html.

Values: html | json | pjson

Valid cipher suites

The following cipher suites are enabled by default in the portal:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA

The following cipher suites are not enabled by default, but are valid and can be added using this operation:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA

Example usage

Below is a sample POST request for update:


POST /webadaptor/portaladmin/security/sslCertificates/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

webServerCertificateAlias=myselfsignedcertificate&sslProtocols=TLSv1.2&HSTSEnabled=false&cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA&f=json

JSON Response example

{"status": "success"}
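
The following is an added example, not part of the original documentation: it checks requested protocols and cipher suites against the lists on this page and builds the form-encoded body for the update request without sending it. The selection policy (forward-secret key exchange with AES-GCM, matched to the certificate's key type) and the function names are assumptions of this example.

```python
from urllib.parse import urlencode

# Suites enabled by default, copied from the list on this page.
DEFAULT_SUITES = """
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
""".split()
# Valid but not enabled by default, copied from the list on this page.
OPTIONAL_SUITES = """
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
""".split()
VALID_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"}  # values named on this page

def is_forward_secret_aead(suite):
    """Policy assumed for this example: (EC)DHE key exchange with AES-GCM."""
    kx = suite.split("_WITH_")[0]
    return kx.endswith(("DHE_RSA", "DHE_ECDSA")) and "_GCM_" in suite

def hardened_suites(cert_key="RSA"):
    """Valid suites that match the policy and the certificate's key type."""
    return [s for s in DEFAULT_SUITES + OPTIONAL_SUITES
            if is_forward_secret_aead(s) and f"_{cert_key}_WITH_" in s]

def build_update_body(alias, protocols, suites, hsts):
    """Validate against the page's lists, then form-encode the request body."""
    bad = [p for p in protocols if p not in VALID_PROTOCOLS]
    bad += [s for s in suites if s not in DEFAULT_SUITES + OPTIONAL_SUITES]
    if bad:
        raise ValueError(f"not accepted by this operation: {bad}")
    return urlencode({
        "webServerCertificateAlias": alias,
        "sslProtocols": ",".join(protocols),
        "cipherSuites": ",".join(suites),
        "HSTSEnabled": str(hsts).lower(),
        "f": "json",
    }, safe=",")  # keep commas literal, as in the sample request
```

Passing `hardened_suites("RSA")` as the `suites` argument yields a body that restricts the portal to the four ECDHE/DHE AES-GCM suites from the default list; use `"ECDSA"` only when the certificate behind the alias has an ECDSA key.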