HTTP interfaces for security features

Return a summary of the TLS data. The JSON response will contain a field result with the following components:

• keyfile: Information about the key file.
• clientCA: Information about the Certificate Authority (CA) for client certificate verification.

If server name indication (SNI) is used and multiple key files are configured for different server names, then there is an additional attribute SNI, which contains for each configured server name the corresponding information about the key file for that server name.

In all cases the value of the attribute will be a JSON object, which has a subset of the following attributes (whatever is appropriate):

• sha256: The value is a string with the SHA256 of the whole input file.
• certificates: The value is a JSON array with the public certificates in the chain in the file.
• privateKeySha256: In cases where there is a private key (keyfile but not clientCA), this field is present and contains a JSON string with the SHA256 of the private key.

This API requires authentication.

This API call triggers a reload of all the TLS data (server key, client-auth CA) and then returns a summary. The JSON response is exactly as in the corresponding GET request.

This is a protected API and can only be executed with superuser rights.

Change the user-supplied encryption at rest key by sending a request without payload to this endpoint. The file supplied via --rocksdb.encryption-keyfolder will be reloaded and the internal encryption key will be re-encrypted with the new user key.

This is a protected API and can only be executed with superuser rights. This API is not available on Coordinator nodes.