|
1 | 1 | ## Overview |
2 | 2 |
|
3 | | -TODO Overview is a required section |
| 3 | +### 🔒 SSL Certificates |
| 4 | + |
| 5 | +**Purpose:** |
| 6 | +Used for securing traffic that passes through the device (i.e., traffic handled by SLB/ADC features). |
| 7 | + |
| 8 | +**Usage Context:** |
| 9 | +- SSL Offloading |
| 10 | +- SSL Intercept (Decryption/Encryption) |
| 11 | +- Reverse proxy configurations |
| 12 | + |
| 13 | +**Configured In:** |
| 14 | +- **GUI:** `ADC → Ssl Management |
| 15 | + |
| 16 | + |
| 17 | +**Example:** |
| 18 | +If the A10 is acting as an SSL offloader for a backend web server, the **SSL Certificate** is used to terminate client HTTPS sessions. |
| 19 | + |
4 | 20 |
|
5 | 21 | ## Requirements |
6 | 22 |
|
7 | | -TODO Requirements is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info |
| 23 | +### Creating a User for API Access on A10 vThunder |
| 24 | + |
| 25 | +This guide explains how to create a user on A10 vThunder for API (AXAPI) access with appropriate privileges. |
| 26 | + |
| 27 | +#### Step-by-Step Instructions |
| 28 | + |
| 29 | +1. **Enter configuration mode:** |
| 30 | + ```bash |
| 31 | + configure terminal |
| 32 | + ``` |
| 33 | + |
| 34 | +2. **Create the user and set a password:** |
| 35 | + ```bash |
| 36 | + admin apiuser password yourStrongPassword |
| 37 | + ``` |
| 38 | + |
| 39 | + Replace `apiuser` with the desired username, and `yourStrongPassword` with a secure password. |
| 40 | + |
| 41 | +3. **Assign necessary privileges:** |
| 42 | + ```bash |
| 43 | + privilege read |
| 44 | + privilege write |
| 45 | + privilege partition-enable-disable |
| 46 | + privilege partition-read |
| 47 | + privilege partition-write |
| 48 | + ``` |
| 49 | + |
| 50 | + These privileges grant the user: |
| 51 | + - Global read and write access |
| 52 | + - Per-partition read and write access |
| 53 | + - Permission to enable or disable partitions |
| 54 | + |
| 55 | +4. **(Optional) Enable external health monitor privilege (if needed):** |
| 56 | + ```bash |
| 57 | + privilege hm |
| 58 | + ``` |
| 59 | + |
| 60 | +5. **Exit user configuration:** |
| 61 | + ```bash |
| 62 | + exit |
| 63 | + ``` |
| 64 | + |
| 65 | +#### Notes |
| 66 | + |
| 67 | +- This user will now be able to authenticate and perform actions via A10's AXAPI (v2/v3) interface. |
| 68 | +- Role-Based Access (RBA) and partition assignment can further fine-tune access control. |
| 69 | + |
| 70 | +#### Example Login via AXAPI |
| 71 | + |
| 72 | +Example using `curl` for AXAPI v3 login: |
| 73 | +```bash |
| 74 | +curl -X POST https://<vThunder-IP>/axapi/v3/auth \ |
| 75 | + -d '{"credentials":{"username":"apiuser","password":"yourStrongPassword"}}' \ |
| 76 | + -H "Content-Type: application/json" |
| 77 | +``` |
8 | 78 |
|
9 | 79 | ## Certificate Store Configuration |
10 | 80 |
|
|
0 commit comments