Update Web Server Certificate

URL:
https://<root>/machines/<machine>/sslCertificates/update
Methods:
POST
Required Capability:
Access allowed with the "Security and Infrastructure" privilege
Version Introduced:
10.8

Description

The update operation configures the web server certificate, TLS protocols, and cipher suites used by the portal in a high availability (multiple machine) environment.

Request parameters

ParameterDetails

webServerCertificateAlias

(Required)

The name of the certificate. The certificate must be present in the portal.

Example
Use dark colors for code blocksCopy
1
webServerCertificateAlias=myselfsignedcertificate

sslProtocols

The TLS protocols the portal will use. TLSv1.2 and TLSv1.3 (support for TLSv1.3 was added at 10.9) is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas.

Example
Use dark colors for code blocksCopy
1
sslProtocols=TLSv1.2,TLSv1.3

cipherSuites

The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas.

Example
Use dark colors for code blocksCopy
1
cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA

HSTSEnabled

A boolean value that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information. The default is false.

Values: true | false

f

The response format. The default response format is html.

Values: html | json | pjson

Valid cipher suites

The following cipher suites are enabled by default in the portal:

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_AES_256_GCM_SHA384,
TLS_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

The following cipher suites are not enabled by default, but are valid and can be added using this operation:

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA

Example usage

The following is a sample POST request for the update operation:

Use dark colors for code blocksCopy
1
2
3
4
5
6
POST /webadaptor/portaladmin/machines/MACHINE.DOMAIN.COM/sslCertificates/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

webServerCertificateAlias=myselfsignedcertificate&sslProtocols=TLSv1.2&HSTSEnabled=false&cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA&f=json

JSON Response example

Use dark colors for code blocksCopy
1
{"status": "success"}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.