docs/doc/source/security/kubernetes/starlingx-rest-api-applications-and-the-web-administration-server-deprecated.rst

StarlingX REST API Applications and the Web Administration Server Certificate

Note

This procedure is deprecated. For up-to-date information, refer to: starlingx-rest-api-applications-and-the-web-admin-server-cert-9196c5794834.

By default, provides HTTP access to REST API application endpoints (Keystone, Barbican and ) and the web administration server. For improved security, you can enable HTTPS access. When HTTPS access is enabled, HTTP access is disabled.

When HTTPS is enabled for the first time on a system, a self-signed server certificate and key are automatically generated and installed for REST and Web Server endpoints. In order to connect, remote clients must be configured to accept the self-signed server certificate without verifying it. This is called insecure mode.

For secure-mode connections, an Intermediate or Root -signed server certificate and key are required. The use of an Intermediate or Root -signed server certificate is strongly recommended. Refer to the documentation for the external Intermediate or Root that you are using, on how to create public certificate and private key pairs, signed by an Intermediate or Root , for HTTPS.

Note

Refer to the documentation for the external Intermediate or Root that you are using, on how to create public certificate and private key pairs, signed by an Intermediate or Root , for HTTPS.

You can update the certificate and key used by for the REST and Web Server endpoints at any time after installation.

For additional security, optionally supports storing the private key of the REST and Web Server certificate in a hardware device. 2.0-compliant hardware must be available on the controller hosts.

For more details, refer to:

enable-https-access-for-starlingx-rest-and-web-server-endpoints install-update-the-starlingx-rest-and-web-server-certificate