HTTP Resource Adaptor

We recommend that you adhere to principles of Zero Trust while designing, commissioning, and modifying your deployment. Zero Trust includes authenticating and authorizing traffic whenever possible, giving the least amount of access required to sessions and entities, and assuming that a security breach could originate from anywhere. A Zero Trust security model helps mitigate the effect of a breach if a device or network is compromised. For more information on Zero Trust principles, see Zero Trust Model - Modern Security Architecture | Microsoft Security.

This documentation uses Transport Layer Security (TLS) certificates to refer to X.509 certificates used with the TLS protocol. Outside of this product’s documentation, you may see TLS certificates referred to as SSL/TLS certificates or just SSL certificates. These terms are often used interchangeably, even though Secure Sockets Layer (SSL) is a distinct protocol from TLS.

HTTP Resource Adaptor provides full support for protocols such as TLS and HTTP. For details about supported protocols, see HTTP Resource Adaptor Statement of Compliance. To configure secure connections for HTTP Resource Adaptor, check the instructions in the Secure configuration section of the HTTP Resource Adaptor Guide.

You must establish trust domains around your devices and network and configure security controls on the trust boundaries such as firewalls, network security groups, and rate limiting, even when you control the devices on both sides of the boundary.

We recommend that you replace certificates at least once per year, including removing the old certificates from your system. This is known as rotating certificates. You might need to rotate your certificates more frequently if they expire after less than one year, or if organizational policies require it.