How to retrieve key alias for SSL Info in Service Callout

Not applicable

I use a Service Callout policy in my proxy and need to define SSL Info. Where can I locate the required key alias? I need it to populate the Key Alias element shown below -

<SSLInfo>
  <Enabled>true</Enabled>
  <ClientAuthEnabled>true</ClientAuthEnabled>
  <KeyStore>myKeystore</KeyStore>
  <KeyAlias>myKey</KeyAlias>
  <TrustStore>myTrustStore</TrustStore>
</SSLInfo>
0 4 1,656
4 REPLIES 4

Hi @Eskinder,

Do you need the Service Callout to use 2-way SSL (aka Client-SSL), or is the endpoint hosting a self-signed certificate?

If there are no special Client-SSL or certificate trust requirements, then there should be no special SSLInfo config needed.

If you need special SSL config, your Service Callout policy would need the SSLInfo section populated, for example:

<HTTPTargetConnection>
	<Properties/>
	<URL>http://example.com</URL>
	<SSLInfo>
		<Enabled>true</Enabled>
		<ClientAuthEnabled>true</ClientAuthEnabled>
		<KeyStore>myKeystore</KeyStore>
		<KeyAlias>myKey</KeyAlias>
		<TrustStore>myTrustStore</TrustStore> 
	</SSLInfo>
</HTTPTargetConnection>

More information on this can be found here.

I hope this helps. Thanks!

Hi @Alex, yes I want to use 2-way SSL. Where do I retrieve the key alias to populate the KeyAlias element? I understand the format of the SSL config as I indicated in the original question. Thanks!

Hi!,

I have the same question, can you please help where i can we get the key alias value.

adas
Participant V
@Riaz Mohammed

Here's the call:

curl -v https://api.enterprise.apigee.com/v1/o/{o}/e/{e}/keystores/{keystore}

This call would return you a response like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<KeyStore name="freetrial">
    <Certs>
        <Cert>freetrial-cert</Cert>
    </Certs>
    <Keys>
        <Key>freetrial</Key>
    </Keys>
</KeyStore>

The keyalias would be the value of the <Key> element, in this case "freetrial". If there are multiple keys, you will see each of the key aliases.