Quando configuri un TargetServer per supportare TLS, specifichi un keystore o un truststore utilizzando
un riferimento. Un riferimento è una variabile che contiene il nome dell'archivio chiavi o dell'archivio attendibile, anziché specificare direttamente il nome dell'archivio chiavi o dell'archivio attendibile.
Un riferimento può essere rappresentato da un oggetto XML come quello riportato di seguito:
Il vantaggio di utilizzare un riferimento è che puoi modificarne il valore per cambiare
il keystore utilizzato dal server di destinazione, di solito perché il certificato nel keystore corrente
scadrà a breve.
Puoi utilizzare solo un riferimento al keystore e al truststore; non puoi utilizzare un riferimento all'alias. Quando modifichi il riferimento a un keystore, assicurati che il nome alias del certificato sia lo stesso del keystore precedente.
Limitazioni all'utilizzo di riferimenti a keystore e truststore
Se hai un bilanciatore del carico e termini TLS sul
bilanciatore del carico, non puoi utilizzare i riferimenti al keystore e al truststore nel server di destinazione.
Creare un riferimento
Puoi utilizzare la UI o l'API Apigee per creare un nuovo riferimento.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-08-18 UTC."],[[["\u003cp\u003eThis documentation applies to both Apigee and Apigee hybrid platforms, focusing on TargetServer TLS configurations.\u003c/p\u003e\n"],["\u003cp\u003eReferences are variables used to specify keystores or truststores in TLS configurations, allowing for easy updates without direct name changes.\u003c/p\u003e\n"],["\u003cp\u003eUsing references for keystores or truststores allows you to change the keystore utilized by the target server, typically for certificate renewals, without needing to change the alias.\u003c/p\u003e\n"],["\u003cp\u003eReferences for keystores and truststores are incompatible with load balancers that terminate TLS.\u003c/p\u003e\n"],["\u003cp\u003eReferences can be created and modified via both the Apigee UI and API, which include steps and code examples.\u003c/p\u003e\n"]]],[],null,["# Working with References\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\nWhen configuring a TargetServer to support TLS, you specify a keystore or truststore by using\na reference. A reference is a variable that contains the name of the keystore or truststore,\nrather than specifying the keystore or truststore name directly.\n\nA reference can be represented by an XML object like the one below: \n\n```xml\n \u003creference\u003e\n \u003cname\u003eReferenceName\u003c/name\u003e\n \u003cdescription\u003eReferencDescription\u003c/description\u003e\n \u003cresourceType\u003eReferredResourceType\u003cresourceType\u003e\n \u003crefers\u003eReferredResource\u003crefers\u003e\n \u003c/reference\u003e\n```\n\nThe advantage to using a reference is that you can change the value of the reference to change\nthe keystore used by the target server, usually because the cert in the current keystore is\nexpiring in the near future.\n\nYou can only use a reference to the keystore and truststore; you cannot use a reference to the\nalias. When you change the reference to a keystore, ensure that the alias name of the cert is the\nsame as in the old keystore.\n\n#### Restrictions on using references to keystores and truststore\n\nIf you have a load balancer and terminate TLS on the\nload balancer, then you cannot use keystore and truststore references in the target server.\n\nCreate a reference\n------------------\n\nYou can use the Apigee UI or API to create a new reference.\n\n### Apigee in Google Cloud console\n\nTo create a reference using the Google Cloud console:\n\n1. In the Google Cloud console, go to the **Management \\\u003e Environments** page.\n\n [Go to Environments](https://console.cloud.google.com/apigee/environments)\n2. Select the desired environment where you want to create the reference.\n\n3. Click the **References** tab.\n\n4. Click **Create Reference**.\n\n5. In the **Create Reference** pane, enter the following details:\n - **Name**: The name of the reference.\n - **Keystore**: The keystore to which the reference points.\n6. Click **Create**.\n\n### Classic UI\n\nTo create a reference using the UI:\n\n1. Log in to the [Apigee UI](https://apigee.google.com).\n2. Select the name of your organization.\n3. Select **Admin \\\u003e Environments \\\u003e References**.\n4. Select the Environment (typically `prod` or `test`).\n5. Select the **+ Reference** button.\n6. In the **Add Reference** pop-up:\n 1. Add the **Name** of the reference.\n 2. Select the **Reference**, the referred keystore or truststore.\n 3. Select **Add Reference**.\n\n### API\n\nTo create a reference using the [Create\nReference](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.references/create) API call: \n\n```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n -X POST \\\n -d '{\n \"reference\": {\n \"name\": MyReferenceName\",\n \"resourceType\": \"KeyStore\",\n \"refers\": \"KeyStoreID\"\n }\n }' \\\n https://apigee.googleapis.com/v1/{parent=organizations/*/environments/*}/references\n```\n\nModify a reference\n------------------\n\nYou can use the Apigee UI or API to modify an existing reference.\n\n### Apigee in Google Cloud console\n\nTo modify a reference using the Google Cloud console:\n\n1. In the Google Cloud console, go to the **Management \\\u003e Environments** page.\n\n [Go to Environments](https://console.cloud.google.com/apigee/environments)\n2. Select the desired environment where you want to modify the reference.\n\n3. Click the **References** tab.\n\n4. In the displayed list, select the reference that you want to modify.\n\n5. Click more_vert **Actions** \\\u003e **Edit**.\n\n6. In the **Edit Reference** pane, update the reference to specify the new keystore.\n7. Click **Update**.\n\n### Classic Apigee UI\n\nTo modify the value of a reference in the UI:\n\n1. Log in to the [Apigee UI](https://apigee.google.com).\n2. Select the name of your organization.\n3. Select **Admin \\\u003e Environments \\\u003e References**.\n4. Select the Environment (typically `prod` or `test`).\n5. Select the **Edit** button for the reference.\n6. Update the reference to specify the new keystore or truststore. **Caution**: Ensure that the alias in the new keystore has the same name as the alias in the old keystore.\n7. Save your updates.\n\n### API\n\nTo change the reference to point to a different keystore, ensuring that the alias in the new\nkeystore has the same name as the alias in the old keystore, use the [Update Reference](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.references/update) API: \n\n```\n curl -H \"Authorization: Bearer $TOKEN\" \\\n -X PUT \\\n -d '{\n \"name\": \"MyReferenceName\",\n \"resourceType\": \"KeyStore\",\n \"refers\": \"KeyStoreID\"\n }' \\\n https://apigee.googleapis.com/v1/{name=organizations/*/environments/*/references/*}\n \n```"]]