Configure REST API Applications and Web Administration Server certificate

StarlingX provides support for secure HTTPS external connections to the REST API endpoints for services (see https://docs.starlingx.io/api-ref/index.html), the StarlingX Web administration server, and the Kubernetes API server.

During installation, the Platform Issuer (system-local-ca) automatically issues a certificate to secure access to the REST API endpoints. This allows the system to have HTTPS access enabled already from the services start up. This certificate is stored in a Kubernetes TLS secret in the namespace deployment, named system-restapi-gui-certificate. The certificate is renewed automatically by cert-manager upon expiration and the required services are automatically reconfigured by the platform.

After bootstrap, this certificate’s fields can be updated using the procedure Update system-local-ca or Migrate Platform Certificates to use Cert Manager. The certificate will be managed by cert-manager (auto renewed upon expiration).

The certificate will be anchored by system-local-ca’s Root CA. For more information, refer to System Local CA Issuer.