Most SnapLogic API requests can be sent to the SnapLogic cloud endpoint. The SnapLogic cloud runs with a signed TLS (SSL) certificate. The client sending the HTTP request validates the CA certificate to verify that the server certificate is valid.
Some SnapLogic API requests can be sent to the Groundplex nodes directly, including requests for Ground-triggered Pipelines and requests to the FeedMaster nodes for Ultra Pipelines. The Snaplex nodes run with self-signed certificates. A load balancer must be installed to handle the incoming requests to the Groundplex nodes. The load balancer can be configured with the customer's TLS (SSL) certificate. The clients see the certificate exposed by the load balancer.
- If the load balancer is configured with a custom TLS (SSL) certificate and configured to terminate TLS (SSL) connections, you do not have to change the TLS (SSL) certificate on the Groundplex nodes. The Groundplex nodes can run using the default SnapLogic-generated certificate, which is the recommended configuration.
- If you are running JRE 11.0.10 or later, endpoint connections using TLS 1.0 and 1.1 are disabled by default. For security, we recommend that you update the endpoint to support TLS 1.2 or higher.
Learn more about managing JRE versions with TLS endpoints for the following installation environments:
If the certificate cannot be changed on the load balancer, choose one of the following methods to allow the HTTP clients to verify the authenticity of the Snaplex nodes when sending these requests:
- Allow all certificates: If running on a trusted network, the HTTP client can be configured to allow all certificates.
- Update the Snaplex nodes to run with a signed certificate: This requires updating all the Snaplex nodes to run with a signed certificate provided by the customer. The keystore would have to be updated on each Snaplex node and the service restarted to enable this option. Either a wildcard certificate or a unique certificate per node would have to be used to enable this option.
- Trust the Org-specific CA certificate: Each Snaplex node runs with a self-signed certificate that is signed with an Org-specific CA certificate. You can download this Org certificate and add it to the HTTP client's trust store to allow trusted communication with any node in the Org. To download the certificate, go to the details of a Triggered task and click the Download the CA certificate for your SnapLogic organization option.
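
The first and third client-side options above (allow all certificates, trust the Org-specific CA certificate), shown side by side as an added Python example that is not SnapLogic code. The file name org-ca.pem, the host and the port are placeholders, and the strict context assumes the node certificate names the host the client connects to.

```python
import socket
import ssl


def strict_context(org_ca_pem=None):
    """Client context that trusts only the downloaded Org CA certificate.

    With no CA file loaded the trust store is empty, so every handshake fails closed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0 and 1.1
    if org_ca_pem is not None:
        # Assumption: org_ca_pem is the PEM file downloaded from the Triggered task details.
        ctx.load_verify_locations(cafile=org_ca_pem)  # raises OSError if missing or invalid
    return ctx


def allow_all_context():
    """The "allow all certificates" option: the server is not authenticated at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def summarize(ctx):
    """Report the settings that decide whether the peer is actually verified."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_tls": ctx.minimum_version.name,
        "trusted_cas": ctx.cert_store_stats()["x509_ca"],
    }


def probe(host, port, ctx, timeout=5.0):
    """Handshake only: return the negotiated protocol and the peer certificate subject."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    import sys
    # Placeholder usage: python tls_check.py org-ca.pem <load-balancer-or-node-host> <port>
    ca_file, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    ctx = strict_context(ca_file)
    print(summarize(ctx))
    print(probe(host, port, ctx))
```

A handshake that succeeds with `allow_all_context()` but fails with `strict_context("org-ca.pem")` means the endpoint is presenting a certificate that does not chain to the Org CA or does not name the host being called.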