We Have Moved
The IBM Application Gateway has a new home - docs.verify.ibm.com/gateway
The documentation on this site will no longer be maintained after v21.02, please update your bookmarks.
Front End
Description
Specifies the configuration the gateway server will use when securely communicating with clients. This configuration includes:
- The certificate to be used for secure communication with clients. If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
- The TLS protocols that are enabled for client communication.
- Any additional server certificates which should be used for specific hosts using the 'server name indication' (SNI) TLS extension.
Properties
The following table(s) describe the configuration properties for this component:
Name | Type | Constraints | Description |
---|---|---|---|
tlsv12 | boolean | Values: true,false Default:true |
A boolean which indicates whether or not TLS v1.2 is enabled. |
tlsv13 | boolean | Values: true,false Default:false |
A boolean which indicates whether or not TLS v1.3 is enabled. |
tlsv10 | boolean | Values: true,false Default:false |
A boolean which indicates whether or not TLS v1.0 is enabled. |
tlsv11 | boolean | Values: true,false Default:false |
A boolean which indicates whether or not TLS v1.1 is enabled. |
certificate | array[string] | PEM based personal certificate files which will be used when communicating with the client. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required). If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping. |
|
sni | array[SNI Object] |
SNI Object
Specifies a list of SNI certificate to hostname mappings for the front end.
Name | Type | Constraints | Description |
---|---|---|---|
hostname | string | The name of the host for this SNI entry. |
|
certificate | array[string] | PEM based personal certificate files which will be used when communicating with clients which indicate this host. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required). |
Example
server:
ssl:
front_end:
certificate:
- "@host.crt"
- "@host.key"
- "@ca.crt"
tlsv12: true
sni:
- certificate:
- "@test.crt"
- "@test.key"
hostname: www.test.com
- certificate:
- "@example.crt"
- "@example.key"
hostname: www.example.com