.. _configure-rest-api-applications-and-web-administration-server-certificates-after-installation-6816457ab95f:

=========================================================================
Configure REST API Applications and Web Administration Server certificate
=========================================================================

|prod| provides support for secure HTTPS external connections to the REST API
endpoints for services (see
`https://docs.starlingx.io/api-ref/index.html <https://docs.starlingx.io/api-ref/index.html>`__), the |prod| Web
administration server, and the Kubernetes API server.

During installation, the Platform Issuer (``system-local-ca``) automatically
issues a certificate to secure access to the REST API endpoints. This allows
the system to have HTTPS access enabled already from the services start up.
This certificate is stored in a Kubernetes |TLS| secret in the namespace
``deployment``, named ``system-restapi-gui-certificate``. The certificate is
renewed automatically by cert-manager upon expiration and the required services
are automatically reconfigured by the platform.

After bootstrap, this certificate's fields can be updated using the procedure
:ref:`migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d`. The
certificate will be managed by cert-manager (auto renewed upon expiration).

The certificate will be anchored by ``system-local-ca``'s Root |CA|. For more
information, refer to
:ref:`system-local-ca-issuer-9196c5794834`.