(Optional) Adding an SSL Certificate for an API
API groups that contain HTTPS-compatible APIs must have their independent domain names bound with SSL certificates. SSL certificates are used for data encryption and identity verification, and support both one-way and two-way authentication.
- One-way authentication: When connecting to the server, a client verifies whether the server is correct.
- Two-way authentication: When connecting to a server, a client verifies the server and the server also verifies the client.
Prerequisites
- Only SSL certificates in PEM format are supported.
- SSL certificates support only the RSA, ECDSA, and DSA encryption algorithms.
Adding an SSL Certificate
- Go to the APIG console.
- Select a dedicated gateway at the top of the navigation pane.
- In the navigation pane, choose API Management > API Policies.
- On the SSL Certificates tab, click Create SSL Certificate.
Table 1 SSL certificate configuration Parameter
Description
Name
Enter an SSL certificate name that conforms to specific rules to facilitate search.
Gateways Covered
- Current: The certificate will be displayed only for the current gateway.
- All: The certificate will be displayed for all gateways.
Algorithm
Specify the encryption algorithm used by the certificate. Options: RSA or ECC.
Content
SSL certificate content in PEM format.
Open the target PEM certificate file using Notepad or other tools, and copy the certificate content to Content.
If the certificate is not in PEM format, convert it to this format.
Key
SSL certificate key in PEM format.
Open the KEY or PEM private key file using Notepad or other tools, and copy the private key to Key.
CA
For two-way authentication, you need to enter the CA certificate to verify both the server and client certificates. After the CA certificate is uploaded, the independent domain name needs to be bound to an SSL certificate to enable two-way authentication. Open the CA certificate file (.pem format) corresponding to the preceding certificate content as a text file and copy the CA content to CA.
If the certificate is not in PEM format, convert it to this format.
NOTE:If your gateway does not support CA certificates, contact customer service to upgrade the gateway.
- Click OK. The SSL certificate is added.
Converting Certificate Format to PEM
Format |
Converting with OpenSSL |
---|---|
CER/CRT |
Rename the certificate file cert.crt cert.pem. |
PFX |
|
P7B |
|
DER |
|
Updating an SSL Certificate
On the certificate list page, locate the certificate to be updated, click Modify in the Operation column, and modify the certificate information.
- Updating the SSL certificate does not affect API calling.
- If the certificate to be updated has been bound to an independent domain name, all clients that access the domain name can view the updated certificate.
- If the updated SSL certificate has been bound to an independent domain name, the client authentication (HTTPS two-way authentication) is disabled by default when a CA certificate is added to the updated content.
Follow-Up Operations
After creating a certificate, (Optional) Binding an SSL Certificate to an independent name of an API group.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot