TLS Inspection Configuration

List all TLS configuration deployments

get/ssl/deployments

SecurityTrend Micro Cloud One API Key

Responses

200

Response based on AWS or Azure provider

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error

Response samples

200
404

application/json

Available TLS deployments

{"deployments": [{"status": "done",
"message": null,
"applianceId": 21,
"submitted": "2021-06-02T21:54:31.870Z",
"completed": "2021-06-02T21:54:31.962Z",
"id": 1,
"serverIp": "192.0.2.1",
"certificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
"hsmSecretsArn": "arn:aws:secretsmanager:us-west-2:511311637224:secret:CloudHSM_Configuration-Jv7ayp",
"kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"inspectionStatus": "null"
},
{"status": "done",
"message": null,
"applianceId": 122,
"submitted": "2021-06-02T21:54:46.186Z",
"completed": "2021-06-02T21:54:46.259Z",
"akvUri": "https://example-key-vault-name.vault.azure.net",
"id": 2,
"serverIp": "192.0.2.1",
"inspectionStatus": "null"
}
]
}

Deploy a TLS configuration on an appliance

post/ssl/deployments

TLS inspection requires a minimum TippingPoint Operating System (TOS) version of 2021.8.0.11159

For details on locating your device identifier, refer to Appliance management.

To determine whether your TLS configuration was successfully deployed to your appliance, you can poll the status. Learn more.

SecurityTrend Micro Cloud One API Key

Request

Request Body schema: application/json

One of:

A request to deploy TLS configuration to an appliance. The request must include at least one certificate ARN, and either a reference to access matching certificate keys via HSM, or provide private keys in PEM format (and password if encrypted).

The certificate ARNs should be from one of the following sources:

ACM,
S3 bucket.

Access to the private keys:

HSM secrets ARN or
included in the request in PEM format

Ensure that your appliance has access to all resources required for a TLS deployment in your AWS environment.

applianceId required	integer <int64> The appliance identifier where the TLS configuration will be deployed
certificateArn	string Deprecated ACM or S3 ARN from where the server's public certificate will be retrieved. see "certificates" which supports both single and multi-certificate deployments
	Array of objects (CertificateInfo) Server's public certificates and optional private key assets
hsmSecretsArn	string Secrets ARN to provide HSM connection information
kmsArn required	string ARN of key management service that has the key for encrypting customer data on the appliance
pemKey	string Deprecated Server's private key (can be encrypted) in PEM format. see "certificates" which supports both single and multi-certificate deployments
pemKeyPassword	string Deprecated Server's private key password if key is encrypted. see "certificates" which supports both single and multi-certificate deployments
serverIp required	string IPv4 address or subnet (CIDR A.B.C.D/8-32) of the server that will be proxied for TLS decryption

Responses

200

Response based on AWS or Azure provider

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error

Request samples

Payload

application/json

TLS configuration referencing an uploaded PEM key and ACM in an AWS environment

{"applianceId": "10",
"serverIp": "192.0.2.1",
"certificates": [{"arn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
"pemKey": "Your pem key goes here",
"pemKeyPassword": "Your pem key password goes here"
}
],
"kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

Response samples

200
400
404

application/json

TLS configuration referencing an uploaded PEM key and ACM in an AWS environment

{"id": "42",
"status": "queued, started, done, error",
"applianceId": "10",
"serverIp": "192.0.2.1",
"certificateArns": ["arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
],
"kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"inspectionStatus": null
}

Query the status of a TLS configuration deployment by ID

get/ssl/deployments/{id}

Use this operation to query the status of TLS configuration deployment. After you deploy your TLS configuration, the response to your API contains an ID of the request. Use this ID value as the path parameter in your status query request. The response returns one of the following values for the deployment status:

queued	The TLS configuration deployment request has been queued.
started	The TLS configuration deployment request is being processed.
done	The TLS configuration deployment request was successfully deployed to your appliance.
error	The TLS configuration deployment request could not complete. Refer to the message property in the response for an explanation.

SecurityTrend Micro Cloud One API Key

Request

path Parameters

id

required

integer <int64>

deployment identifier

Responses

200

Response based on AWS or Azure provider

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error

Response samples

200
404

application/json

TLS configuration referencing an uploaded PEM key and ACM in an AWS environment

{"id": "42",
"status": "queued, started, done, error",
"applianceId": "10",
"serverIp": "192.0.2.1",
"certificateArns": ["arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
],
"kmsArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"inspectionStatus": null
}

Delete a TLS configuration deployment from an appliance.

delete/ssl/deployments/{id}

Use this operation to remove a TLS configuration from your appliance. Use the deployment identifier as the path parameter in this request.

SecurityTrend Micro Cloud One API Key

Request

path Parameters

id

required

integer <int64>

deployment identifier

Responses

204

No Content

400

Bad Request

403

Forbidden

404

Not Found

500

Internal Server Error