Version: Develop

TLS Service Plans

This section describes the usage and configuration of TLS/SSL service plans from the perspective of the Platform Operator. For information from the Application Developer's point of view, please refer to the a9s TLS/SSL Service Plans documentation.

All TLS/SSL Service Instances use an X.509 certificate to encrypt the communication between server and client. These X.509 certificates and their corresponding private keys must be in PKCS#1 format and PEM encoded.

There are three general sources for the certificate of a Service Instance:

However, to use TLS/SSL service plans, the Platform Operator must provide either a wildcard certificate that is used for all corresponding Service Instances, or a CA that signs a certificate generated specifically for a Service Instance. Only one of these options can be used at a time.

Furthermore, please be aware that different services may have special limitations which are described explicitly in the Limitations section.

Caution

While the Platform Operator has to decide between a wildcard certificate and a generated certificate, the Application Developer is always able to provide their own certificate for a Service Instance. That certificate always takes precedence over the option configured by the Platform Operator, and this cannot be prohibited.

Supported Services

The following a9s Data Services support TLS/SSL service plans and share a common configuration interface:

Limitations

Currently, the a9s Data Services do not support service plan upgrades from Non-TLS/SSL to TLS/SSL service plans.

OpenSearch Limitations

OpenSearch expects the certificates' private keys to be in PKCS#8 format. This restriction applies to user-provided certificates, a wildcard certificate, and generated certificates.
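To tell the two key encodings apart before a certificate is configured, the following added example (not a9s code) classifies a PEM private key as PKCS#1 or PKCS#8 from its PEM label and its DER structure. The function names and the sample structures, which are constructed skeletons and not real keys, are assumptions of this example.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
LABELS = {"RSA PRIVATE KEY": "pkcs1", "PRIVATE KEY": "pkcs8"}

def _read_len(der, i):
    """Decode the DER length at der[i]; return (length, index of first content byte)."""
    if der[i] < 0x80:
        return der[i], i + 1
    n = der[i] & 0x7F
    return int.from_bytes(der[i + 1:i + 1 + n], "big"), i + 1 + n

def key_format(pem_text):
    """Classify a PEM private key by its label and by its DER shape."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "not-pem"
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return "bad-base64"
    if len(der) < 6 or der[0] != 0x30:          # outer SEQUENCE
        return "unknown"
    _, i = _read_len(der, 1)
    if i + 1 >= len(der) or der[i] != 0x02:     # version INTEGER
        return "unknown"
    vlen, j = _read_len(der, i + 1)
    j += vlen
    if j >= len(der):
        return "unknown"
    # PKCS#1 continues with INTEGER (modulus); PKCS#8 with SEQUENCE (AlgorithmIdentifier)
    shape = {0x02: "pkcs1", 0x30: "pkcs8"}.get(der[j], "unknown")
    if shape == "unknown" or label not in LABELS:
        return "unknown"
    return shape if LABELS[label] == shape else "label-mismatch"

def usable_for(pem_text, opensearch=False):
    """Per this page: PKCS#1 in general, PKCS#8 for OpenSearch."""
    return key_format(pem_text) == ("pkcs8" if opensearch else "pkcs1")

def sample_pem(label, der_hex):
    b64 = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed DER skeletons (not real keys), one per format
PKCS1_SAMPLE = sample_pem("RSA PRIVATE KEY", "3006020100020105")
PKCS8_SAMPLE = sample_pem("PRIVATE KEY", "3014020100300d06092a864886f70d01010105000400")
```

A PKCS#1 key can be re-encoded as unencrypted PKCS#8 with `openssl pkcs8 -topk8 -nocrypt -in key.pem -out key-pkcs8.pem`, where the file names are placeholders.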

You can check the vendor's documentation for more information:


*Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by anynines GmbH is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and anynines GmbH.