IBM Security Identity and Access: Developer PortalSearchSite map
Home / IBM Application Gateway / References / Yaml / Front End

We Have Moved

The IBM Application Gateway has a new home - docs.verify.ibm.com/gateway

The documentation on this site will no longer be maintained after v21.02, please update your bookmarks.

Front End

Description

Specifies the configuration the gateway server will use when securely communicating with clients. This configuration includes:

  • The certificate to be used for secure communication with clients. If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
  • The TLS protocols that are enabled for client communication.
  • Any additional server certificates which should be used for specific hosts using the 'server name indication' (SNI) TLS extension.

Properties

The following table(s) describe the configuration properties for this component:

Name Type Constraints Description
tlsv12 boolean Values: true,false
Default:true		 A boolean which indicates whether or not TLS v1.2 is enabled.
tlsv13 boolean Values: true,false
Default:false		 A boolean which indicates whether or not TLS v1.3 is enabled.
tlsv10 boolean Values: true,false
Default:false		 A boolean which indicates whether or not TLS v1.0 is enabled.
tlsv11 boolean Values: true,false
Default:false		 A boolean which indicates whether or not TLS v1.1 is enabled.
certificate array[string] PEM based personal certificate files which will be used when communicating with the client. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required).
If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
sni array[SNI Object]

SNI Object

Specifies a list of SNI certificate to hostname mappings for the front end.

Name Type Constraints Description
hostname string The name of the host for this SNI entry.
certificate array[string] PEM based personal certificate files which will be used when communicating with clients which indicate this host. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required).

Example

 server:
         ssl:
             front_end:
                 certificate: 
                     - "@host.crt"
                     - "@host.key"
                     - "@ca.crt"
                 tlsv12: true
                 sni:
                     - certificate: 
                           - "@test.crt"
                           - "@test.key"
                       hostname: www.test.com
                     - certificate: 
                           - "@example.crt"
                           - "@example.key"
                       hostname: www.example.com