Configure SSL - PingIntelligence for APIs

Configure SSL - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 1 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Administration User task Configuration Certificate Management

ABS supports only TLS 1.1 and TLS 1.2 and requires Open JDK 11.0.2. You can configure SSL by setting the value of enable_ssl parameter to true in pingidentity/abs/mongo/abs_init.js file. Setting the value to true enables SSL communication between ASE and ABS as well as for ABS external REST APIs. Following is a snippet of the abs.init file with enable_ssl parameter:

db.global_config.insert({
	"attack_initial_training": "24",
	"attack_update_interval": "24",
	"url_limit": "100",
	"response_size": "100",
	"job_frequency" : "10",
	"window_length" : "24",
	"enable_ssl": true,
	"api_discovery": false,
	"discovery_initial_period" : "24",
	"discovery_subpath": "1",
	"continuous_learning": true,
	"discovery_update_interval": "1"
});

ABS ships with a default self-signed certificate with Java Keystore at abs/config/ssl/abs.jks and the default password set to abs123 in the abs.properties file. The default password is obfuscated in the abs.properties file. It is recommended to change the default passwords and obfuscate the new passwords. See, Obfuscating Passwords for steps to obfuscate passwords.

If you want to use your own CA-signed certificates, you can import them in ABS.