TLS Inspection Configuration

List all TLS configuration deployments

GET /ssl/deployments
Responses
200

Response based on AWS or Azure provider

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error

Response samples
application/json

Available TLS deployments

{
  "deployments": []
}

Deploy a TLS configuration on an appliance

POST /ssl/deployments

TLS inspection requires a minimum TippingPoint Operating System (TOS) version of 2021.8.0.11159.

For details on locating your device identifier, refer to Appliance management.

To determine whether your TLS configuration was successfully deployed to your appliance, you can poll the status.

Request
Request Body schema: application/json
One of:

A request to deploy a TLS configuration to an appliance. The request must include the ARN of the certificate, and either a reference to access the private key or the private key itself (pemKey, plus pemKeyPassword if the key is encrypted).

The ARN for the certificate should be from one of the following sources:

  • ACM,
  • S3 bucket.

Access to the private key:

  • HSM secrets ARN (hsmSecretsArn) or
  • KMS ARN

Ensure that your appliance has access to all resources required for a TLS deployment in your AWS environment.

applianceId
required
integer <int64>

The appliance identifier where the TLS configuration will be deployed

certificateArn
required
string

ACM or S3 ARN from where the server's public certificate will be retrieved

hsmSecretsArn
string

Secrets ARN to provide HSM connection information

kmsArn
required
string

ARN of key management service that has the key for encrypting customer data on the appliance

pemKey
string

Server's private key (can be encrypted) in PEM format

pemKeyPassword
string

Server's private key password if key is encrypted

serverIp
required
string

IPv4 address or subnet (CIDR A.B.C.D/8-32) of the server that will be proxied for TLS decryption

Responses
200

Response based on AWS or Azure provider

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error

Request samples
application/json

TLS configuration referencing an uploaded PEM key and ACM in an AWS environment

{
  "applianceId": "10",
  "serverIp": "192.0.2.1",
  "pemKey": "Your pem key goes here",
  "pemKeyPassword": "Your pem key password goes here",
  "certificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
  "kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

Response samples
application/json

TLS configuration referencing an uploaded PEM key and ACM in an AWS environment

{
  "id": "42",
  "status": "queued, started, done, error",
  "applianceId": "10",
  "serverIp": "192.0.2.1",
  "certificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
  "kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
  "inspectionStatus": null
}

Query the status of a TLS configuration deployment by ID

GET /ssl/deployments/{id}

Use this operation to query the status of a TLS configuration deployment. After you deploy your TLS configuration, the API response contains the ID of the request. Use this ID value as the path parameter in your status query request. The response returns one of the following values for the deployment status:

  • queued: The TLS configuration deployment request has been queued.
  • started: The TLS configuration deployment request is being processed.
  • done: The TLS configuration deployment request was successfully deployed to your appliance.
  • error: The TLS configuration deployment request could not complete. Refer to the message property in the response for an explanation.

Request
path Parameters
id
required
integer <int64>

deployment identifier

Responses
200

Response based on AWS or Azure provider

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error

Response samples
application/json

TLS configuration referencing an uploaded PEM key and ACM in an AWS environment

{
  "id": "42",
  "status": "queued, started, done, error",
  "applianceId": "10",
  "serverIp": "192.0.2.1",
  "certificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
  "kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
  "inspectionStatus": null
}
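
The deploy-then-poll procedure described above, as an added Python example that is not part of the original API reference or the vendor's code: it checks a deployment request body against the field rules on this page, masks the private key fields before the body is logged, and polls the status query until it returns done or error. Assumptions: fetch_status is a hypothetical caller-supplied function that performs the authenticated GET (the base URL and authentication are not shown on this page), and the function names are illustrative.

```python
import ipaddress
import time

KNOWN = {"queued", "started", "done", "error"}  # status values listed on this page

def validate_deployment(body):
    """Return problems found in a POST /ssl/deployments body (AWS form)."""
    problems = []
    for field in ("applianceId", "certificateArn", "kmsArn", "serverIp"):
        if not body.get(field):
            problems.append(f"missing required field: {field}")
    # certificateArn must point at ACM or an S3 bucket.
    parts = str(body.get("certificateArn", "")).split(":")
    if len(parts) < 6 or parts[0] != "arn" or parts[2] not in ("acm", "s3"):
        problems.append("certificateArn must be an ACM or S3 ARN")
    if body.get("pemKeyPassword") and not body.get("pemKey"):
        problems.append("pemKeyPassword given without pemKey")
    # serverIp: IPv4 address or CIDR /8-32 (assumption: host bits are tolerated).
    try:
        net = ipaddress.IPv4Network(str(body.get("serverIp", "")), strict=False)
        if net.prefixlen < 8:
            problems.append("serverIp prefix must be between /8 and /32")
    except ValueError:
        problems.append("serverIp is not an IPv4 address or CIDR")
    return problems

def redact(body):
    """Copy of the body that is safe to log: key material is masked."""
    secret = ("pemKey", "pemKeyPassword")
    return {k: "<redacted>" if k in secret else v for k, v in body.items()}

def wait_for_deployment(fetch_status, deployment_id, timeout=300, interval=5):
    """Poll the status query until done or error. fetch_status is a hypothetical
    caller-supplied function that does the authenticated GET and returns a dict."""
    waited = 0
    while True:
        reply = fetch_status(deployment_id)
        status = reply.get("status")
        if status not in KNOWN:
            raise ValueError(f"unexpected deployment status: {status!r}")
        if status == "error":
            raise RuntimeError(reply.get("message", "deployment failed"))
        if status == "done":
            return reply
        if waited >= timeout:
            raise TimeoutError(f"deployment {deployment_id} still {status}")
        time.sleep(interval)
        waited += interval
```

Run validate_deployment before sending the request, and pass redact(body) rather than the body itself to any logger, so that pemKey and pemKeyPassword do not end up in client-side logs.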

Delete a TLS configuration deployment from an appliance

DELETE /ssl/deployments/{id}

Use this operation to remove a TLS configuration from your appliance. Use the deployment identifier as the path parameter in this request.

Request
path Parameters
id
required
integer <int64>

deployment identifier

Responses
204

No Content

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error