Update Web Server Certificate

URL:: https://<root>/machines/<machine>/sslCertificates/update
Methods:: POST
Required Capability:: Access allowed with the "Security and Infrastructure" privilege
Version Introduced:: 10.8

Description

The update operation configures the web server certificate, TLS protocols, and cipher suites used by the portal in a high availability (multiple machine) environment.

Request parameters

Parameter	Details
`webServerCertificateAlias` (Required)	The name of the certificate. The certificate must be present in the portal. Example Use dark colors for code blocksCopy `1 webServerCertificateAlias=myselfsignedcertificate`
`sslProtocols`	The TLS protocols the portal will use. `TLSv1.2` and `TLSv1.3` (support for `TLSv1.3` was added at 10.9) is enabled by default. You can also enable `TLSv1` and `TLSv1.1`. Values must be separated by commas. Note Ensure that the web server hosting your Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8 or later. Example Use dark colors for code blocksCopy `1 sslProtocols=TLSv1.2,TLSv1.3`
`cipherSuites`	The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas. Example Use dark colors for code blocksCopy `1 cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA`
`HSTSEnabled`	A boolean value that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information. The default is `false`. Values: `true` \| `false`
`f`	The response format. The default response format is `html`. Values: `html` \| `json` \| `pjson`

Valid cipher suites

The following cipher suites are enabled by default in the portal:

Use dark colors for code blocksCopy
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_AES_256_GCM_SHA384,
TLS_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

The following cipher suites are not enabled by default, but are valid and can be added using this operation:

Use dark colors for code blocksCopy
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA

Example usage

The following is a sample POST request for the update operation:

Use dark colors for code blocksCopy
POST /webadaptor/portaladmin/machines/MACHINE.DOMAIN.COM/sslCertificates/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

webServerCertificateAlias=myselfsignedcertificate&sslProtocols=TLSv1.2&HSTSEnabled=false&cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA&f=json

JSON Response example

Use dark colors for code blocksCopy
{"status": "success"}