enableWafSSL — Adding SSL to an existing site
If a Firewall & CDN has been added and provisioned without SSL, and an SSL certificate is added at a later time, then SSL support must be enabled for the Firewall & CDN product as well.
The enableWafSSL request triggers the site’s SSL validation step, similar to how it’s triggered when detected or forced during Firewall & CDN provisioning (see provisionAddon response for SSL sites).
|
The |
The API endpoint is:
https://api.sitelock.com/v1/partnerRequest format
-
SiteLockOnlineRequest: This element is used to delineate the full API request.
-
authentication: The partner’s username, password, and branding
-
username: The partner’s API username
-
password: The partner’s API password
-
partner: (Optional) The brand name to use in messaging
-
-
enableWafSSL: The method name
-
site_id: The site ID for which to add SSL support
-
-
Response format
When a site with a provisioned Firewall & CDN has or adds an SSL certificate, an additional step is required to fully configure the Firewall & CDN. A certificate authority will independently verify that the user owns the domain for the site being provisioned. To complete this process, an unobtrusive TXT resource record must be temporarily added to the site’s DNS zone. Once the site is SSL validated, this record may be removed.
-
SiteLockOnlineResponse: This element is used to delineate the full API response.
-
enableWafSSL: The method name
-
dns_ssl_verify: The details of the request response
-
current_dns_record_value: The current value of the DNS record. This element will only be populated if a previous SSL validation TXT record is found for this site.
-
current_status: The current status of the record for verification. This element is only populated if
current_dns_record_valuehas a value. -
dns_record_domain: The domain for which the verification record must be added
-
dns_record_type: The type of record, for example
TXT, to be added -
dns_record_value: The value to be placed into the record for verification
-
-
original_dns: The site’s original DNS settings
-
orig_a_rec: The original value of the site’s A record as an IP address
-
orig_cname: The original value of any CNAME alias assigned to the site
-
-
ssl: Additional info about the SSL certificate on your site
-
cert_detected: The value can be either
0or1-
1: The SSL certificate was detected on your site.
-
0: The SSL certificate wasn’t detected on your site.
-
-
-
state: The state of your Firewall & CDN activation
-
traffic_routing: The value can be
0or1-
1: Traffic is routed through Firewall & CDN.
-
0 Traffic isn’t routed through Firewall & CDN.
-
-
waf_dns_manager: Replays data given to SiteLock by the partner
-
partner: The partner will manage DNS updates to configure the Firewall & CDN.
-
customer: The user will manage DNS updates to configure the Firewall & CDN.
-
-
will_retry: This element is present when an SSL certificate isn’t immediately detected on the site at the time of provisioning. This value is always set to
0as SiteLock won’t try to discover SSL automatically. CallgetAnpProvisioningStatusperiodically (at 6-hour intervals) to check the status of the latest provisioning attempt as that will trigger the SSL discovery process.
-
-
Example success response
<SiteLockOnlineResponse>
<enableWafSSL>
<dns_ssl_verify>
<current_dns_record_value></current_dns_record_value>
<current_status></current_status>
<dns_record_domain>www.yourdomain.com</dns_record_domain>
<dns_record_type>TXT</dns_record_type>
<dns_record_value>_globalsign-domain-verification=OdwUi4uWGa5CvSSOKMZaHC7XYFMRW2UW9mkskkWLPu</dns_record_value>
</dns_ssl_verify>
<original_dns>
<orig_a_rec>10.10.10.127</orig_a_rec>
<orig_cname>www.yourdomain.com</orig_cname>
</original_dns>
<ssl>
<cert_detected>1</cert_detected>
<cert_installed>0</cert_installed>
</ssl>
<state>pending-domain-validation</state>
<status>ok</status>
<traffic_routing>0</traffic_routing>
<waf_dns_manager>partner</waf_dns_manager>
</enableWafSSL>
</SiteLockOnlineResponse>