How to implement Mutual SSL/TLS in Apigee X for Northbound

What is the recommended way of implementing Mutual SSL in Apigee X for northbound?

Since there is no option in Apigee to upload the certs for the northbound side (like Virtual Host in the classic).

Also, Google documentation says GCP load balancers don't support Mutual TLS.

What is the recommended pattern here?

2 REPLIES

Sorry about no answer to this older question. I'll answer it now in hopes it will help a future reader.

It is true that GCP HTTP load balancers do not support Mutual TLS. Per the documentation,

[Image: no-mutual-TLS.png]

I understand that there is a goal to support mutual TLS in the HTTP Load Balancer, but I am not part of the load balancing team, and I don't know when that might get delivered. In the meantime, you can refer here for a guide on how to perform 2-way TLS authentication for inbound/northbound connections in Apigee X. This approach uses GCP TCP Load Balancers (not HTTP). It reserves the task of TLS termination to a set of proxy VMs that you configure and manage on your own.

In the future, when the GCP HTTP global load balancer supports mutual TLS, you can swap out your proxy VMs for the managed service.
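The pattern described in the answer above, shown as an added example (it is not part of the original thread or of the guide it links to): a proxy VM behind the TCP load balancer terminates TLS, requires a client certificate, and forwards the verified identity to Apigee X. It assumes nginx as the proxy, which the thread does not name; the hostname, file paths, upstream address and `X-Client-Cert-*` header names are placeholders chosen for illustration.

```nginx
# Added example: nginx on a proxy VM behind a GCP TCP load balancer.
# The load balancer passes the TCP stream through, so the TLS handshake,
# including client-certificate validation, happens here.
# All paths, hostnames and the upstream address are placeholders.
events {}

http {
    server {
        listen 443 ssl;
        server_name api.example.com;              # placeholder hostname

        # Server identity presented to API clients.
        ssl_certificate     /etc/nginx/tls/server.crt;
        ssl_certificate_key /etc/nginx/tls/server.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Mutual TLS: requests are rejected unless the client presents a
        # certificate that chains to this CA bundle.
        ssl_client_certificate /etc/nginx/tls/client-ca.crt;
        ssl_verify_client      on;
        ssl_verify_depth       2;
        # ssl_crl /etc/nginx/tls/client-ca.crl;   # optional revocation list

        location / {
            # proxy_set_header replaces any value the caller sent under the
            # same name, so these headers only ever carry what nginx verified.
            # Header names are hypothetical.
            proxy_set_header X-Client-Cert-Verify      $ssl_client_verify;
            proxy_set_header X-Client-Cert-Subject     $ssl_client_s_dn;
            proxy_set_header X-Client-Cert-Fingerprint $ssl_client_fingerprint;
            proxy_set_header Host                      $host;

            # Forward to the Apigee X ingress over TLS (placeholder address).
            proxy_ssl_server_name on;
            proxy_ssl_name        $host;
            proxy_pass            https://10.0.0.2;
        }
    }
}
```

The forwarded headers are only trustworthy if the Apigee X ingress cannot be reached by clients except through these proxy VMs; otherwise a caller could bypass the certificate check and set the headers directly.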

Amazing tutorial! This is exactly the type of post we like to see on the tutorials board!