Admin/API TLS Connection


The admin/API TLS connection provides access to the admin UI and allows REST calls to be made to the Controller.

Complete the following fields to configure the Admin/API TLS connection:

  • Unique Admin Hostname. The hostname to be used by admins and REST API calls. Use only a fully qualified domain name or an IPv4/IPv6 address.

  • TLS Port. The default is port 8443.

  • Allow Sources. To allow a connection to this port, the requesting IP address must match at least one of these allowed sources. By default the list contains two entries: address 0.0.0.0 with netmask 0, and address :: with netmask 0. Together these match every IPv4 and IPv6 source address.

    • If the list is empty, no connections are allowed.

    • If an entry contains address, netmask, and interface, then both subnet and interface must match.

    • If an entry only contains address and netmask, then only subnet needs to match.

    • If an entry only contains interface, then only the interface must match.

Example:

    • Address (OPTIONAL: IPv4 or IPv6 address of host or subnet to allow)

    • Netmask Length (OPTIONAL: Netmask, set to 32 (IPv4) or 128 (IPv6) for single host)

    • Interface (OPTIONAL: ethX, only allow connections through this interface)

  • TLS Ciphers. TLS ciphers to allow on the admin interface. Use the default ciphers unless your browsers require some other specific cipher.

Admin/API access is via the Unique Admin Hostname. This uses the self-signed root certificate, so the browser shows an 'unsafe' warning (it does not trust the certificate). To avoid the admin having to approve this certificate, an externally signed certificate can be used. This requires a PKCS#12 file containing a certificate (for the Unique Admin Hostname) signed by a trusted CA, together with the private key, which is required to terminate the admin/API HTTPS connection.

  • HTTPS Certificate - PKCS #12. Allows you to upload a PKCS #12 file that includes a CA-signed certificate, which removes the untrusted browser warning associated with the self-signed certificate used by the system.
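The Allow Sources matching rules described above can be modelled to check a planned list before applying it. This is an added example, not the product's own code: the names `AllowEntry`, `is_allowed` and `audit_open_entries` are hypothetical, the addresses are constructed from documentation ranges, and it assumes address and netmask length are only used together.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AllowEntry:
    """One Allow Sources row; every field is optional, as on the page."""
    address: Optional[str] = None
    netmask_length: Optional[int] = None
    interface: Optional[str] = None

def entry_matches(entry, src_ip, in_iface):
    src = ipaddress.ip_address(src_ip)
    # Assumption: a subnet is defined only when address and netmask are both set.
    has_subnet = entry.address is not None and entry.netmask_length is not None
    if not has_subnet and entry.interface is None:
        return False  # assumption: a row with no usable field matches nothing
    if has_subnet:
        net = ipaddress.ip_network(
            f"{entry.address}/{entry.netmask_length}", strict=False)
        # An IPv4 source never matches an IPv6 subnet, and vice versa.
        if net.version != src.version or src not in net:
            return False
    # When an interface is given it must match, with or without a subnet.
    if entry.interface is not None and entry.interface != in_iface:
        return False
    return True

def is_allowed(entries, src_ip, in_iface):
    # Empty list: any() over nothing is False, so no connections are allowed.
    return any(entry_matches(e, src_ip, in_iface) for e in entries)

def audit_open_entries(entries):
    """Rows that admit every address of a family on any interface."""
    return [e for e in entries
            if e.address is not None and e.netmask_length == 0
            and e.interface is None]

# The two default rows stated on the page.
DEFAULT_ENTRIES = [AllowEntry("0.0.0.0", 0), AllowEntry("::", 0)]
# Constructed restricted list: one subnet bound to eth1, one single IPv6 host.
RESTRICTED = [AllowEntry("192.0.2.0", 24, "eth1"),
              AllowEntry("2001:db8::10", 128)]

if __name__ == "__main__":
    print(is_allowed(RESTRICTED, "192.0.2.5", "eth0"))
    print(audit_open_entries(DEFAULT_ENTRIES))
```

Running `audit_open_entries` over an exported list flags rows that leave the admin port reachable from any source.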