Platform Certificates for mutual auth


Hi All

We are on public cloud for our enterprise. For southbound connectivity to the on-premise network we are looking at establishing a mutual auth connection. I was thinking of defining a platform-level keystore and truststore for southbound connectivity that can be used for multiple sensitive API backends. How good an idea is it to use the same TLS certificate/key as used in the northbound keystore? I know I can use the same northbound keystore itself, but I am just segregating the keystores to avoid confusion in future.

Any risks and pointers are appreciated.

2 REPLIES

Hi @sumeetchawla,

It's good practice to have separate keystores for northbound and southbound just for the ease of managing the certs.

One thing to note is that when there is an SSL handshake where Apigee is acting as the server (northbound), all the domain/server/leaf certificates present in the truststore will be shared.

Thanks and Regards,

Gaurav Bhandari

Yes Gaurav, I am creating a new keystore for sure as a best practice; my question is around whether I should use the same certificate/key as in the northbound. Anyways, even in southbound connectivity (mutual auth) the client, Apigee in this case, will have to present the domain/server/leaf certificates. I am just trying to assess the risk, if there is any, of reusing the same certificate in the northbound and southbound.

Regards

Sumeet Chawla