Each API Gateway has an administrator account on the operating system where it runs. This administrator account allows you to configure and manage the API Gateway. For security reasons, we recommend that you never use the root account when you configure the API Gateway. Viruses and hackers know that root is the administrator account and can easily gain access to the API Gateway. How depends on whether you have an appliance deployment or a Docker container deployment. You set this administrator account’s password differently for each deployment. Use the following information to set the administration password for your deployment of Secure API Manager.
Appliance management console > Administrative Passwords
NOTE:This section applies only if you deployed Secure API Manager using the appliance.
Setting a password for the vaadmin account on the appliance increases the security of your deployment. To ensure secure communication between the appliance and Access Manager, Secure API Manager uses the vaadmin account on the appliance, not the root account. By default, the vaadmin account does not have a password set on the appliance. You must set the password for the vaadmin account for Secure API Manager to work.
To set the vaadmin password:
Log in to the appliance management console as root.
https://dns-name-appliance:9443
NOTE:You set the root password during the deployment of the appliance.
Click Administrative Passwords.
In the vaadmin, section set a password for this account, then enter the password again.
Click OK.
(Conditional) If you have deployed more than one appliance to cluster Secure API Manager, you must repeat Step 1 through Step 4 on each appliance.
When you configure the API Gateway in the Access Manager Administration Console, you specify the vaadmin password for each node.
After you set the password for the vaadmin account, you must install the Secure API Manager license before you can see the configuration options for Secure API Manager in the Access Manager Administration Console. For more information, see Install the Secure API Manager License and Activation Key.
The Docker container for Secure API Manager runs on a base of SUSE Linux Enterprise Server. You set an administrator password for this base when you deploy the Docker container. To increase the security of the API Gateway, do not use root as the administrator account.