Updated on 2023-12-20 GMT+08:00

SSL Certificates

API groups that contain HTTPS-compatible APIs must have their independent domain names bound with SSL certificates. SSL certificates are used for data encryption and identity verification.

Prerequisites

  • Only SSL certificates in PEM format are supported.
  • SSL certificates support only the RSA, ECDSA, and DSA encryption algorithms.

Adding an SSL Certificate

  1. Go to the APIG console.
  2. Select a dedicated gateway at the top of the navigation pane.
  3. In the navigation pane, choose API Management > API Policies.
  4. On the SSL Certificates tab, click Create SSL Certificate.

    Table 1 SSL certificate configuration

    Parameter

    Description

    Name

    Enter an SSL certificate name that conforms to specific rules to facilitate search.

    Gateways Covered

    • Current: The certificate will be displayed only for the current gateway.
    • All: The certificate will be displayed for all gateways.

    Content

    SSL certificate content in PEM format.

    Open the target PEM certificate file using Notepad or other tools, and copy the certificate content to Content.

    If the certificate is not in PEM format, convert it to this format.

    Key

    SSL certificate key in PEM format.

    Open the KEY or PEM private key file using Notepad or other tools, and copy the private key to Key.

  5. Click OK. The SSL certificate is added.

Converting Certificate Format to PEM

Format

Converting with OpenSSL

CER/CRT

Rename the certificate file cert.crt cert.pem.

PFX

  • Run the private key export command. For example, run the following command to convert cert.pfx into key.pem:

    openssl pkcs12 -in cert.pfx -nocerts -out key.pem

  • Run the certificate export command. For example, run the following command to convert cert.pfx into cert.pem:

    openssl pkcs12 -in cert.pfx -nokeys -out cert.pem

P7B

  1. Run the certificate conversion command. For example, run the following command to convert cert.p7b into cert.cer:

    openssl pkcs7 -print_certs -in cert.p7b -out cert.cer

  2. Rename the certificate file cert.cer cert.pem.

DER

  • Run the private key export command. For example, run the following command to convert privatekey.der into privatekey.pem:

    openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

  • Run the certificate export command. For example, run the following command to convert cert.cer into cert.pem:

    openssl x509 -inform der -in cert.cer -out cert.pem

Updating an SSL Certificate

To update an SSL certificate, go to the certificate list page, click Modify in the Operation column of the target certificate, and then modify it.

Follow-Up Operations

After creating a certificate, bind it to an independent name of an API group.