Hi Team,
Please help me on below query related to SSL, Please note that I am using APIGEE Edge CLOUD:
Suppose Client wants APIGEE to save their's Public Certificate in its trust-store, so do we really need to follow 2 way or just storing customer's / client's certificate in our trust store is enough on APIGEE Cloud. I am in this picture that for APIGEE Cloud we don't really need to provide our public certs to clients. Please help me in clarifying my concept.
Thanks
Pratyush
Solved! Go to Solution.
Hi Pratyush,
I am not sure I understand your question correctly but let me give it a shot:
For northbound communication (i.e. API Client => Apigee) 2-way TLS (mTLS) is optional. If you want to make use of mTLS then you need to add the customers public cert or CA cert to your truststore.
Links https://docs.apigee.com/api-platform/system-administration/about-ssl#twowaytls and https://docs.apigee.com/api-platform/system-administration/keystores-and-truststores
If you don't need mTLS then no truststore on Apigee side is needed as the client certificate is not validated.
As for the server side certificate: This certificate needs to be a trusted certificate in Apigee SaaS. Clients should automatically trust the Apigee server certificate if their trusted root CAs are configured correctly.
Hi Pratyush,
I am not sure I understand your question correctly but let me give it a shot:
For northbound communication (i.e. API Client => Apigee) 2-way TLS (mTLS) is optional. If you want to make use of mTLS then you need to add the customers public cert or CA cert to your truststore.
Links https://docs.apigee.com/api-platform/system-administration/about-ssl#twowaytls and https://docs.apigee.com/api-platform/system-administration/keystores-and-truststores
If you don't need mTLS then no truststore on Apigee side is needed as the client certificate is not validated.
As for the server side certificate: This certificate needs to be a trusted certificate in Apigee SaaS. Clients should automatically trust the Apigee server certificate if their trusted root CAs are configured correctly.
Thanks alot for the clarification. I got my answer 🙂