@@ -62,6 +62,69 @@ This guide explains how to create a user on A10 vThunder for API (AXAPI) access
6262 exit
6363 ```
6464
65+ #### ThunderSsl Aliases
66+
67+ In the ThunderSsl store type, the ** alias** directly corresponds to the certificate and private key names stored on the A10 appliance:
68+
69+ - ** Certificate Name** : The alias becomes the SSL certificate identifier in A10's certificate store
70+ - ** Private Key Name** : The same alias is used for the associated private key
71+ - ** Template References** : SSL templates reference certificates by this exact alias name
72+ - ** API Operations** : All A10 API calls use this alias to identify the certificate/key pair
73+
74+ ##### Example ThunderSsl Usage
75+ ```
76+ Alias: "webserver-prod-2025"
77+ → A10 Certificate: "webserver-prod-2025"
78+ → A10 Private Key: "webserver-prod-2025"
79+ → Template Reference: server-ssl template uses cert "webserver-prod-2025"
80+ ```
81+
82+ ##### Alias Renaming for Template-Bound Certificates
83+
84+ When replacing a certificate that's bound to SSL templates, the orchestrator uses an intelligent renaming strategy:
85+
86+ 1 . ** Timestamp Generation** : Creates a Unix timestamp (10 digits)
87+ 2 . ** Alias Pattern Matching** :
88+ - If alias contains existing timestamp: ` webserver-prod_1640995200 ` → ` webserver-prod_1672531200 `
89+ - If no timestamp found: ` webserver-prod ` → ` webserver-prod_1672531200 `
90+ 3 . ** Length Validation** : Ensures final alias stays within A10's 240-character limit
91+ 4 . ** Template Updates** : All SSL templates are updated to reference the new timestamped alias
92+ 5 . ** Cleanup** : Original certificate is removed after successful template updates
93+
94+ ##### Replacement Workflow Example
95+ ```
96+ Original: "api-gateway-cert"
97+ Step 1: Generate new alias → "api-gateway-cert_1672531200"
98+ Step 2: Upload certificate with new alias
99+ Step 3: Update server-ssl templates: cert "api-gateway-cert" → "api-gateway-cert_1672531200"
100+ Step 4: Update client-ssl templates: cert "api-gateway-cert" → "api-gateway-cert_1672531200"
101+ Step 5: Remove old certificate "api-gateway-cert"
102+ Step 6: Rebind templates to virtual services
103+ ```
104+
105+
106+
107+ ##### Alias Best Practices
108+ - Use descriptive names that indicate purpose: ` web-frontend-ssl ` , ` api-backend-tls `
109+ - Avoid special characters that might conflict with A10 naming rules
110+ - Consider including environment indicators: ` prod-web-cert ` , ` stage-api-cert `
111+ - Remember that renaming will append timestamps for template-bound certificates
112+
113+
114+
115+ ##### Character Limitations
116+ - ** Maximum Length** : 240 characters (enforced by orchestrator)
117+ - ** Recommended Characters** : Letters, numbers, hyphens, underscores
118+ - ** Avoid** : Special characters that might cause issues in API calls or file operations
119+
120+ #### Troubleshooting Alias Issues
121+
122+ ##### ThunderSsl Common Issues
123+ - ** Template Update Failures** : Verify templates exist and are accessible
124+ - ** Long Alias Names** : Orchestrator will truncate to fit timestamp if needed
125+ - ** Special Characters** : May cause API call failures
126+
127+
65128#### Notes
66129
67130- This user will now be able to authenticate and perform actions via A10's AXAPI (v2/v3) interface.
0 commit comments