Was this Helpful?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a web client, such as a browser or app. An encrypted link ensures that all data passing between the web server and the client remains private. To use SSL, a client makes a secure request to the web server by using the secure https:// protocol, instead of the insecure http:// protocol.

When you use the Developer Services portal to deploy your APIs, your developers log in to the portal to register apps and receive API keys. The login credentials and the API key are proprietary information that you want to send over HTTPS to ensure their security. In addition, you should use HTTPS for any other proprietary information sent between the portal and a developer.

The portal supports SSL in all environments:

  • Development and test environments: Requests can use http:// or https://. Requests over https:// use the Apigee SSL certificate. Free trial customers can use the development and test environments, but cannot push to the live production environment until they become paid customers.
  • Production environment: If you use SmartDocs, or if you want to encrypt portal data transfers, then you require https:// and your own SSL certificate. In addition, you have to enable and configure the Drupal Secure Pages module adds to automatically redirect http:// requests to https://.

Considerations when enabling SSL

When creating a new portal, or upgrading an existing portal, do not use the explicit http:// protocol to reference assets such as CSS files, image files, or other types of assets. These assets might not load when you deploy the portal.

Requirements for using SSL on the portal

To use SSL on the portal:

  1. Enable the Drupal CDN (Content Delivery Network) module on the portal. The CDN module alters file URLs so that they can be served over both https:// and http:// from your portal.
  2. Obtain your own SSL certificate for productions. Apigee supplies an SSL certificate for the development and test environments, but you must obtain your own certificate for production.
  3. Configure SSL in the portal production environment.
  4. Enable the Drupal Secure Pages module to redirects http:// requests to https://.

Enabling CDN

In all three portal environments on Pantheon (dev/test/live) , enable the Drupal CDN module to alter file URLs so that they can be served over both https:// and http:// from your portal.

To enable CDN:

  1. Log in to your portal as a user with admin or content creation privileges.
  2. Select Modules in the Drupal administration menu.
  3. Enable the CDN module and save your configuration.
  4. Select Configuration > Development > CDN in the Drupal administration menu.
  5. Select the Details tab.
  6. Define a CDN mapping, which specifies the file extensions loaded by the CDN module. include all possible file extensions for the assets used on your portal. For example:

    //myPortal.com | js css png jpg gif svg eot ttf jpeg
     
  7. Save the configuration.
  8. Select the Other tab.
  9. Select the CDN supports HTTPS checkbox and save the configuration.
  10. Select the General tab.
  11. Set Status to Enabled and save the configuration.
  12. Select Configuration > Development Performance in the Drupal administration menu.
  13. Select Clear all caches.

Configuring SSL for the portal in production

You configure the portal environments from Pantheon. For more information on configuring SSL on Pantheon, see:

http://helpdesk.getpantheon.com/customer/portal/articles/385443

To configure SSL for the portal in Pantheon:

  1. Obtain an SSL certificate.
  2. Log in to Pantheon at https://dashboard.getpantheon.com/login.
  3. Use the instructions at http://helpdesk.getpantheon.com/customer/portal/articles/385443 to:
    • Generate the RSA Key (.key) and CSR (certificate signing request).
    • Enable SSL.
    • Enter the RSA Key and CSR.
  4. In Pantheon, select Domains > Domain Setup.
  5. Ensure that the IP address generated when you registered your SSL certificate appears as a record type of A, references the generated IP directly, and does not use a redirect.

Enabling the Drupal Secure Pages module

The Drupal Secure Pages module redirects http:// page request to the https:// version of the page. You must enable and configure the Secure Pages module to use https:// with the portal.

If SSL is not enabled on your domain, then you cannot enabled the Secure Pages module.

To enable the Drupal Secure Pages module:

  1. Log in to your portal as a user with admin or content creation privileges.
  2. Select Modules in the Drupal administration menu.
  3. Enable the Secure Pages module and save your configuration.
  4. Select Configuration > System > Secure Pages in the Drupal administration menu.
  5. Select Enabled under Enable Secure Pages.
    Note: If SSL is not enabled on your domain, then you cannot enabled the Secure Pages module.
  6. Select the checkbox to enable Switch back to http pages when there are no matches.
  7. Select Make secure every page except the listed pages under Pages which will be secure.
    This setting specifies that all pages are served over https:// except those explicitly listed. The Secure Pages configuration page lets you specify many different rules to control which pages are served by https:// and which are served by http://.  For more information, see Secure Pages.
  8. Save the configuration.
    You will be logged out of the portal because you have just enabled https://.
  9. Log in to the portal.
  10. Ensure that you can navigate the portal pages.
     

Help or comments?

  • Something's not working: See Apigee Support
  • Something's wrong with the docs: Click Send Feedback in the lower right.
    (Incorrect? Unclear? Broken link? Typo?)