Enabling TLS for MaxScale's REST API
This page is part of MariaDB's Documentation.
Overview
MariaDB MaxScale supports data-in-transit encryption, which secures data transmitted over the network. The server and the clients encrypt data using the Transport Layer Security (TLS) protocol, which is a newer version of the Secure Socket Layer (SSL) protocol.
TLS must be manually enabled on the MaxScale instance.
Enabling TLS for the REST API
Acquire an X509 certificate and a private key for the MaxScale instance.
If it is a test or development instance, then self-signed certificates and keys might be sufficient.
Determine which TLS-related global parameters you need to configure.
Mandatory global parameters for TLS include:
Parameter | Description
admin_ssl_key | This parameter defines the private key used by the REST API.
admin_ssl_cert | This parameter defines the certificate used by the REST API.
admin_ssl_ca_cert | This parameter defines the CA certificate that signed the REST API's certificate.
Set your global parameters in maxscale.cnf. Global parameters are placed in the [maxscale] configuration group. For example:
[maxscale]
...
admin_ssl_key = /certs/server-key.pem
admin_ssl_cert = /certs/server-cert.pem
admin_ssl_ca_cert = /certs/ca-cert.pem
Restart the MaxScale instance.
$ sudo systemctl restart maxscale
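A check that can be run before the restart step, as an added example that is not part of MariaDB's documentation: it reads the three parameters from the [maxscale] group, confirms the files exist, flags a private key that is accessible to group or other, and confirms the certificate and key load as a matching pair. The function name `check_admin_tls` and the default path `/etc/maxscale.cnf` are assumptions of this example, and the configuration file is assumed to parse as plain INI.

```python
import configparser
import os
import ssl
import stat
import sys

# Parameter names as used in the maxscale.cnf example on this page.
MANDATORY = ("admin_ssl_key", "admin_ssl_cert", "admin_ssl_ca_cert")


def check_admin_tls(cnf_path):
    """Return a list of problems with the REST API TLS settings (empty = OK)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(cnf_path)
    if not cp.has_section("maxscale"):
        return ["no [maxscale] section found"]
    sec = cp["maxscale"]
    paths = {p: sec[p].strip() for p in MANDATORY if sec.get(p, "").strip()}
    problems = [f"{p} is not set" for p in MANDATORY if p not in paths]
    for p, path in paths.items():
        if not os.path.isfile(path):
            problems.append(f"{p}: {path} does not exist")
    if problems:
        return problems  # nothing further can be checked

    # The private key should be readable by its owner only.
    mode = stat.S_IMODE(os.stat(paths["admin_ssl_key"]).st_mode)
    if mode & 0o077:
        problems.append(f"admin_ssl_key: mode {mode:o} is open to group/other")

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Fails if either file is not valid PEM or the key does not match the cert.
        ctx.load_cert_chain(paths["admin_ssl_cert"], paths["admin_ssl_key"])
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"certificate and key do not load as a pair: {exc}")
    try:
        # Only checks that the CA file parses; it does not verify the signature chain.
        ctx.load_verify_locations(cafile=paths["admin_ssl_ca_cert"])
    except OSError as exc:
        problems.append(f"admin_ssl_ca_cert does not load: {exc}")
    return problems


if __name__ == "__main__":
    # Assumed default location; pass another path as the first argument.
    found = check_admin_tls(sys.argv[1] if len(sys.argv) > 1 else "/etc/maxscale.cnf")
    print("\n".join(found) or "TLS settings look consistent")
```

An empty result means the files are present and load; whether the CA actually signed the certificate still has to be confirmed separately.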