Enabling TLS for MaxScale's REST API
MariaDB MaxScale supports data-in-transit encryption, which secures data transmitted over the network. The server and the clients encrypt data using the Transport Layer Security (TLS) protocol, which is a newer version of the Secure Socket Layer (SSL) protocol.
TLS must be manually enabled on the MaxScale instance.
Enabling TLS for the REST API
Acquire an X509 certificate and a private key for the MaxScale instance.
If it is a test or development instance, then self-signed certificates and keys might be sufficient.
Determine which TLS-related global parameters you need to configure.
Mandatory global parameters for TLS include:
This parameter defines the private key used by the REST API.
This parameter defines the certificate used by the REST API.
This parameter defines the CA certificate that signed the REST API's certificate.
Set your global parameters in
Global parameters are placed in the
[maxscale] ... admin_ssl_key = /certs/server-key.pem admin_ssl_cert = /certs/server-cert.pem admin_ssl_ca_cert = /certs/ca-cert.pem
Restart the MaxScale instance.
On operating systems that use systemd:
$ sudo systemctl restart maxscale
On systems that use Upstart:
$ sudo service maxscale restart