Securing the a9s Framework with TLS

caution

Currently, some a9s Data Services are experiencing problems regarding logging when using TLSv1.3. Therefore, we strongly recommend to use TLSv1.2.

These issues with TLSv1.3 are not present in a9s Messaging nor a9s MariaDB.

This section describes the configuration of TLS/SSL for the a9s Data Services Framework components.

It is divided into the following general topics:

• General Configuration
• Certificate Rotation

Supported Components

The following a9s Data Services Framework components support TLS/SSL:

• a9s Backup Manager
• a9s BOSH Deployer
• a9s CF Service Guard
• a9s KeyValue SPI
• a9s LogMe 2 SPI
• a9s MariaDB SPI
• a9s Messaging SPI
• a9s MongoDB SPI
• a9s PostgreSQL SPI
• a9s Prometheus SPI
• a9s Redis SPI
• a9s Search SPI