Configure REST API Applications and Web Administration Server certificate¶
StarlingX provides support for secure HTTPS external connections to the REST API endpoints for services (see https://docs.starlingx.io/api-ref/index.html), the StarlingX Web administration server, and the Kubernetes API server.
During installation, the Platform Issuer (system-local-ca
) automatically
issues a certificate to secure access to the REST API endpoints. This allows
the system to have HTTPS access enabled already from the services start up.
This certificate is stored in a Kubernetes TLS secret in the namespace
deployment
, named system-restapi-gui-certificate
. The certificate is
renewed automatically by cert-manager upon expiration and the required services
are automatically reconfigured by the platform.
After bootstrap, this certificate’s fields can be updated using the procedure Update system-local-ca or Migrate Platform Certificates to use Cert Manager. The certificate will be managed by cert-manager (auto renewed upon expiration).
The certificate will be anchored by system-local-ca
’s Root CA. For more
information, refer to
System Local CA Issuer.