I am currently trying to secure my edgemicro gateway with SSL.
I have added the crt, key and ca in the config, and when I call the gateway via https in Postman (with SSL certificate verification enabled in Postman) I get a successful response. However, I do not have any of the certificates loaded into my Postman, thus I do not have to pass the cert & key and it will work; I just need to call https.
Additional note: I added a DNS entry on my laptop to route the certificate DNS name to localhost to test the server certificate (can't do the development on the server where the URL is routed to); not sure if that makes a difference.
How do I force the gateway to check that the client (Postman in this case) is passing the correct certificates to the gateway?
edgemicro:
  port: 443
  max_connections: 1000
  config_change_poll_interval: 600
  ssl:
    key: >-
      C:\Users\...\key_dev.pem
    cert: >-
      C:\Users\...\cert.pem
    ca: >-
      C:\Users\...\Intermediate.crt
    rejectUnauthorized: true
You also need
requestCert: true
This will cause MG to expect a cert from Postman.
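Why the config in the question accepted a client with no certificate, as an added example that is not part of the original posts or of Edge Microgateway's code. It assumes the `ssl` keys are passed unchanged to the Node.js TLS server options, where `rejectUnauthorized` only takes effect when `requestCert` is true; `clientAuthMode` and the sample objects are hypothetical names.

```javascript
// Added example: classify what client authentication an edgemicro `ssl` block enforces.
// Assumption: the keys map one-to-one onto Node.js tls/https server options.
function clientAuthMode(ssl = {}) {
  const requestCert = ssl.requestCert === true;                 // Node default: false
  const rejectUnauthorized = ssl.rejectUnauthorized !== false;  // Node default: true
  const findings = [];

  if (!requestCert) {
    // The server never asks the client for a certificate,
    // so there is nothing for rejectUnauthorized to reject.
    findings.push('requestCert is not true: no client certificate is requested');
    if (ssl.rejectUnauthorized === true) {
      findings.push('rejectUnauthorized: true has no effect without requestCert');
    }
    return { mode: 'server-auth-only', enforced: false, findings };
  }
  if (!rejectUnauthorized) {
    // A certificate is requested, but clients that fail validation still connect.
    findings.push('client certificate is requested but unverified clients are accepted');
    return { mode: 'mtls-optional', enforced: false, findings };
  }
  if (!ssl.ca) {
    // Without `ca`, Node validates client certificates against its default CA bundle.
    findings.push('no ca set: client certificates are checked against the default CA bundle');
  }
  return { mode: 'mtls-required', enforced: true, findings };
}

// Constructed sample input: the ssl block from the question, with placeholder paths.
const asPosted = {
  key: 'key_dev.pem',
  cert: 'cert.pem',
  ca: 'Intermediate.crt',
  rejectUnauthorized: true,
};
// The same block with the setting from the answer added.
const withRequestCert = { ...asPosted, requestCert: true };

console.log(clientAuthMode(asPosted));
console.log(clientAuthMode(withRequestCert));
```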
Thank You,
When I enable requestCert and add the certs to Postman I just get the standard "Couldn't get any response back" from Postman. Even if I disable SSL certificate verification in Postman I get the same response back; normally if I do that with Postman I get a response.
I have created a self signed crt and key for localhost and I am not able to call it when passing the certs also, when I use Postman or Curl with Insecure, should I get a result from the gateway when requestCert is enabled? Because currently as soon as I enable requestCert then I can't get a response.
So the issue was with using Curl and WinSSL: the ciphers allowed in WinSSL were not compatible with the cert. After changing to OpenSSL it is working.
For postman not working: with Curl I can send only a cert as the serverCert and it will work, however with Postman & Apigee Edge, I have to send a Cert & Key for mutual TLS to work.
As per below, there is No Certificate Verify(15) from Source