- URL:
- https://<root>/security/sslCertificates/update
- Methods:
POST- Version Introduced:
- 10.3
Access requirements
Required privileges
The Portal Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.
Tokens
This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Portal Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.
Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generate operation in the Portal Directory API. For security reasons, all POST requests made to the Portal Administrator API must include a token in the request body.
Description
The update operation configures the web server certificate, TLS protocols, and cipher suites used by the portal.
Request parameters
| Parameter | Details |
|---|---|
(Required) | The name of the certificate. The certificate must be present in the portal. Example |
| The TLS protocols the portal will use. Example |
| The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas. Example |
| A boolean value that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information. The default is Values: |
| The response format. The default response format is Values: |
Valid cipher suites
The following cipher suites are enabled by default in the portal:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_AES_256_GCM_SHA384,
TLS_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHAThe following cipher suites are not enabled by default, but are valid and can be added using this operation:
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHAExample usage
The following is a sample POST request for the update operation:
POST /<context>/portaladmin/security/sslCertificates/update HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
webServerCertificateAlias=myselfsignedcertificate&sslProtocols=TLSv1.2&HSTSEnabled=false&cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA&f=jsonJSON Response example
{"status": "success"}