Configure REST API Applications and Web Administration Server certificate

StarlingX provides support for secure HTTPS external connections used for StarlingX REST API application endpoints (Keystone, Barbican and StarlingX) and the StarlingX web administration server.

During installation, the Platform Issuer (system-local-ca) will automatically issue a certificate used to secure access to the StarlingX REST API and to the Web Server GUI. This allows the system to have HTTPS access enabled from the bootstrap to the services. This certificate will be stored in a K8s TLS secret in namespace deployment, named system-restapi-gui-certificate. It will be managed by cert-manager, renewed upon expiration and the required services restarted automatically.

After bootstrap, this certificate’s fields can be updated using the procedure Update system-local-ca or Migrate Platform Certificates to use Cert Manager. The certificate will be managed by cert-manager (auto renewed upon expiration).

The certificate will be anchored by system-local-ca’s Root CA. For more information, refer to System Local CA Issuer.