SSL/Front End

server/ssl/front_end

Specifies the configuration the gateway server will use when securely communicating with clients. This configuration includes:

  • The certificate to be used for secure communication with clients. If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.

  • The TLS protocols that are enabled for client communication.

  • Any additional server certificates which should be used for specific hosts using the server name indication (SNI) TLS extension.

Properties

NameTypeConstraintsDescription
certificateArray of stringPEM based personal certificate files which will be used when communicating with the client. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required).
If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
tlsv10booleanValues: true or false

Default value: false
A boolean which indicates whether or not TLS v1.0 is enabled.
tlsv11booleanValues: true or false

Default value: false
A boolean which indicates whether or not TLS v1.1 is enabled.
tlsv12booleanValues: true or false

Default value: true
A boolean which indicates whether or not TLS v1.2 is enabled.
tlsv13booleanValues: true or false

Default value: false
A boolean which indicates whether or not TLS v1.3 is enabled.
sniArray of sni

server/ssl/front_end/sni[]

Specifies a list of SNI certificate to hostname mappings for the front end.

Properties

NameTypeConstraintsDescription
certificateArray of stringPEM based personal certificate files which will be used when communicating with clients which indicate this host. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required).
hostnamestringThe name of the host for this SNI entry.

Example

server:
  ssl:
    front_end:
      certificate:
        - "@host.crt"
        - "@host.key"
        - "@ca.crt"
      tlsv12: true
      sni:
        - certificate:
          - "@test.crt"
          - "@test.key"
          hostname: www.test.com
        - certificate:
            - "@example.crt"
            - "@example.key"
          hostname: www.example.com

Did this page help you?