SSL/Front End

server/ssl/front_end

Specifies the configuration the gateway server will use when securely communicating with clients. This configuration includes:

  • The certificate to be used for secure communication with clients. If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.

  • The TLS protocols that are enabled for client communication.

  • Any additional server certificates which should be used for specific hosts using the server name indication (SNI) TLS extension.

Properties

| Name | Type | Constraints | Description |
|------|------|-------------|-------------|
| certificate | Array of string | | PEM based personal certificate files which will be used when communicating with the client. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required). If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping. |
| tlsv10 | boolean | Values: true or false. Default value: false | A boolean which indicates whether or not TLS v1.0 is enabled. |
| tlsv11 | boolean | Values: true or false. Default value: false | A boolean which indicates whether or not TLS v1.1 is enabled. |
| tlsv12 | boolean | Values: true or false. Default value: true | A boolean which indicates whether or not TLS v1.2 is enabled. |
| tlsv13 | boolean | Values: true or false. Default value: false | A boolean which indicates whether or not TLS v1.3 is enabled. |
| sni | Array of sni | | |

server/ssl/front_end/sni[]

Specifies a list of SNI certificate to hostname mappings for the front end.

Properties

| Name | Type | Constraints | Description |
|------|------|-------------|-------------|
| certificate | Array of string | | PEM based personal certificate files which will be used when communicating with clients which indicate this host. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required). |
| hostname | string | | The name of the host for this SNI entry. |

Example

server:
  ssl:
    front_end:
      certificate:
        - "@host.crt"
        - "@host.key"
        - "@ca.crt"
      tlsv12: true
      sni:
        - certificate:
            - "@test.crt"
            - "@test.key"
          hostname: www.test.com
        - certificate:
            - "@example.crt"
            - "@example.key"
          hostname: www.example.com
    trust_certificates:
      - "@www-dev.pem"
      - "@redis-staging-1.pem"
      - "@redis-staging-2.pem"
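
A pre-deployment check for this section, as an added example that is not part of the gateway or its documentation: it takes the configuration already parsed into a Python mapping (for instance by a YAML loader), applies the defaults from the Properties table, and reports legacy protocols, the self-signed fallback, and incomplete SNI entries. The function name `lint_front_end`, the severity labels, the duplicate-hostname check and the sample input are assumptions made for the example.

```python
# Added example: lint a parsed server/ssl/front_end mapping.
# Defaults are the ones listed in the Properties table above.
DEFAULTS = {"tlsv10": False, "tlsv11": False, "tlsv12": True, "tlsv13": False}
LEGACY = ("tlsv10", "tlsv11")  # TLS 1.0 and 1.1 are deprecated by RFC 8996


def lint_front_end(config):
    """Return a list of (severity, message) findings for a parsed config."""
    fe = config.get("server", {}).get("ssl", {}).get("front_end", {})
    findings = []

    # Effective protocol set: explicit values layered over documented defaults.
    enabled = [p for p, d in DEFAULTS.items() if fe.get(p, d) is True]
    for proto in LEGACY:
        if proto in enabled:
            findings.append(("warn", f"{proto} is enabled; legacy protocol"))
    if not enabled:
        findings.append(("error", "no TLS protocol is enabled"))

    # Without a certificate the gateway falls back to a self-signed one.
    if not fe.get("certificate"):
        findings.append(("warn", "no certificate; self-signed will be generated"))

    seen = set()
    for i, entry in enumerate(fe.get("sni") or []):
        host = str(entry.get("hostname") or "").lower()
        if not host:
            findings.append(("error", f"sni[{i}] has no hostname"))
        elif host in seen:
            # Assumption: the page does not say which duplicate entry is used.
            findings.append(("warn", f"sni[{i}] repeats hostname {host}"))
        seen.add(host)
        if not entry.get("certificate"):
            findings.append(("error", f"sni[{i}] ({host or '?'}) has no certificate"))
    return findings


# Constructed sample: the parsed form of a weak configuration.
SAMPLE = {"server": {"ssl": {"front_end": {
    "tlsv10": True,
    "tlsv12": False,
    "sni": [
        {"certificate": ["@test.crt", "@test.key"], "hostname": "www.test.com"},
        {"hostname": "WWW.TEST.COM"},
    ],
}}}}

if __name__ == "__main__":
    for severity, message in lint_front_end(SAMPLE):
        print(f"{severity}: {message}")
```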