SSL Queries

Hi Team,

Please help me with the below query related to SSL. Please note that I am using APIGEE Edge CLOUD:

Suppose a client wants APIGEE to save their public certificate in its trust-store. Do we really need to follow 2-way, or is just storing the customer's / client's certificate in our trust store enough on APIGEE Cloud? I am under the impression that for APIGEE Cloud we don't really need to provide our public certs to clients. Please help me in clarifying my concept.

Thanks

Pratyush

1 ACCEPTED SOLUTION

Hi Pratyush,

I am not sure I understand your question correctly but let me give it a shot:

For northbound communication (i.e. API Client => Apigee) 2-way TLS (mTLS) is optional. If you want to make use of mTLS then you need to add the customer's public cert or CA cert to your truststore.

Links https://docs.apigee.com/api-platform/system-administration/about-ssl#twowaytls and https://docs.apigee.com/api-platform/system-administration/keystores-and-truststores

If you don't need mTLS then no truststore on Apigee side is needed as the client certificate is not validated.

As for the server side certificate: This certificate needs to be a trusted certificate in Apigee SaaS. Clients should automatically trust the Apigee server certificate if their trusted root CAs are configured correctly.
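
As an added illustration of the answer above (not part of the original reply and not taken from the poster's environment): the `<SSLInfo>` section of an Apigee Edge virtual host for one-way TLS next to the two-way (mTLS) form. The virtual host names, host alias and `ref://` reference names are placeholders.

```xml
<!-- One-way TLS: Apigee presents its server certificate from the keystore.
     The client certificate is not requested, so no truststore is configured. -->
<VirtualHost name="oneWayVHost">
    <HostAliases>
        <HostAlias>api.example.com</HostAlias>
    </HostAliases>
    <Port>443</Port>
    <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <KeyStore>ref://serverKeystoreRef</KeyStore>
        <KeyAlias>serverKeyAlias</KeyAlias>
    </SSLInfo>
</VirtualHost>

<!-- Two-way TLS (mTLS): same server keystore, plus client authentication.
     The truststore holds the customer's public cert or the CA cert that
     issued it; Apigee validates the client certificate against it. -->
<VirtualHost name="twoWayVHost">
    <HostAliases>
        <HostAlias>api.example.com</HostAlias>
    </HostAliases>
    <Port>443</Port>
    <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <KeyStore>ref://serverKeystoreRef</KeyStore>
        <KeyAlias>serverKeyAlias</KeyAlias>
        <TrustStore>ref://clientTruststoreRef</TrustStore>
    </SSLInfo>
</VirtualHost>
```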


@Daniel

Thanks a lot for the clarification. I got my answer 🙂