The TLS configuration.
| JSON representation |
|---|
{
"caCerts": [
{
object ( |
| Fields | |
|---|---|
caCerts[] |
Required. Specifies a list of allowed custom CA certificates for HTTPS verification. |
TlsConfig.CaCert
The CA certificate.
| JSON representation |
|---|
{ "displayName": string, "cert": string } |
| Fields | |
|---|---|
displayName |
Required. The name of the allowed custom CA certificates. This can be used to disambiguate the custom CA certificates. |
cert |
Required. The allowed custom CA certificates (in DER format) for HTTPS verification. This overrides the default SSL trust store. If this is empty or unspecified, CES will use Google's default trust store to verify certificates. N.B. Make sure the HTTPS server certificates are signed with "subject alt name". For instance a certificate can be self-signed using the following command, openssl x509 -req -days 200 -in example.com.csr \ -signkey example.com.key \ -out example.com.crt \ -extfile <(printf "\nsubjectAltName='DNS:www.example.com'") A base64-encoded string. |