Configure API Portal

This section describes how to configure the following on API Portal:

These configurations apply to both virtual appliance and software installations.

For details how to configure the look and feel of your API Portal end-user interface, see the API Portal Administrator Guide.

Configure the SSL certificate

To enable SSL on API Portal, you must configure Apache database to use the correct certificate.

Configure Apache database in virtual appliance installation

API Gateway Appliance includes a self-signed certificate that enables HTTPS out-of-the-box. It is recommended that you replace it with a certificate tied to the host server and issued by the Certificate Authority (CA).

If you have API Portal running on API Gateway Appliance and you do not have an existing certificate, you can create or upload one using the Web Administrator Interface (WAI) of your virtual appliance. For more details, see Create an SSL certificate in the API Gateway Appliance Installation and Administration Guide.

  1. Import the SSL certificate, the root certificate, and any intermediate certificates to NSS database using the Certificate Database Tool (certutil):
  2. certutil -A -d <NSS database directory> -n <certificate nickname> -t CT,C,C -a -i <certificate file>

    For example:

    certutil -A -d /etc/apache2/mod_nss.d -n SSL-Cert -t ,, -a -i ssl.crt

    certutil -A -d /etc/apache2/mod_nss.d -n Root-Cert -t CT,C,C -a -i rootcert.crt

    certutil -A -d /etc/apache2/mod_nss.d -n Intermediate-Cert -t ,, -a -i intermediate.crt

    Note   You must import the root certificate with the C trust attribute set for SSL, otherwise the Apache service fails.

    For more details on certutil and the parameters, see NSS certutil documentation.

  3. To check that the certificates are successfully imported, list the certificates in the database:
  4. certutil -L -d <NSS database directory>

    An example output looks like this:

    Certificate Nickname       Trust Attributes
    <your CA cert nickname>     u,u,u

    Note   The trust attributes must be u,u,u. This shows that NSS has found a private key and linked it to the imported certificate.
  5. Open the /etc/apache2/vhosts.d/apiportal.conf file.
  6. Change the following line:
  7. NSSNickname Server-Cert
  8. to:

  9. NSSNickname <your CA certificate nickname>
  10. Restart the apache2 service.

Configure Apache database in software installation

  1. Open the /etc/httpd/conf.d/apiportal.conf file.
  2. Change SSLCertificateFile and SSLCertificateKeyFile to point to your CA certificate and key files.
  3. Restart the apache2 service.

Protect Joomla! Administration Interface from direct Internet access

To counter a session fixation vulnerability in Joomla!, it is recommended that you protect the Joomla! Administration Interface (JAI) from direct Internet access.

  1. Open the /etc/apache2/conf.d/security.conf file.
  2. Add an access restriction directive for the /administrator location. Specify the internal IP address range that is allowed to access JAI. For example:
  3. ServerTokens ProductOnly
    ServerSignature Off
      <Location /administrator>
        Order deny,allow
        deny from all
        allow from 10.232.14.

  4. To restart the web server configuration, enter the following:
  5. # /etc/init.d/apache2 reload

Terms and conditions text configuration

To specify the API Portal Terms & Conditions content, modify or replace the contents of the following file:


The copyright notice that is displayed at the bottom of the API Portal pages can be customized when you edit the following file:


Related Links