Skip To Content

Update Web Server Certificate

Description

This operation is used to configure the web server certificate, TLS protocols, and cipher suites used by the portal.

Request parameters

ParameterDetails
webServerCertificateAlias

(Required)

The name of the certificate. The certificate must be present in the portal.

Example

webServerCertificateAlias=myselfsignedcertificate
sslProtocols

The TLS protocols the portal will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas.

Note:

Ensure that the web server hosting your Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8 or later.

Example

sslProtocols=TLSv1.2
cipherSuites

The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas.

Example

cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA
HSTSEnabled

A Boolean value that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information. The default is false.

Values: true | false

Example

HSTSEnabled=false
f

The response format. The default response format is html.

Values: html | json | pjson

Valid cipher suites

The following cipher suites are enabled by default in the portal:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA

The following cipher suites are not enabled by default, but are valid and can be added using this operation:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA

Example usage

Below is a sample POST request for update:


POST /webadaptor/portaladmin/machines/MACHINE.DOMAIN.COM/sslCertificates/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

webServerCertificateAlias=myselfsignedcertificate&sslProtocols=TLSv1.2&HSTSEnabled=false&cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA&f=json

JSON Response example

{"status": "success"}