Enabling TLS on BaaS with certs signed by Private CA

rmishra
Participant V

Hello,

I followed the instructions on http://docs.apigee.com/private-cloud/latest/configuring-tls-api-baas to configure TLS for the BaaS Portal and the BaaS Stack.

My goal is to enable the user to access the BaaS portal over HTTPS and for the BaaS portal to access the BaaS stack over HTTPS. However, I use certs signed by a private CA.

When everything is on HTTP, the system works. When I transition them to HTTPS, I can't log in; the page keeps loading.

How do I load custom CA certs so that the BaaS stack will allow HTTPS connections from the BaaS Portal when they both use certs signed by a private CA?

1 ACCEPTED SOLUTION

Not applicable

This answer applies for 17.01 onward. It looks like the trust store is not configurable using Apigee's configuration override process. Because of this, you will need to update one of the source installation files directly until it can be exposed in the configuration override:

/opt/apigee/baas-usergrid/source/conf/server.xml

In this file, you can find configurations for keystoreType, keystoreFile, keystorePass, keyAlias, and clientAuth. You will need to add some additional lines to the Tomcat HTTP connector configuration:

truststoreFile, truststorePass, truststoreProvider as referenced here: https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Common_Attributes. After configuring this source file, you should run the configure action so that the tokenized source files are updated, then restart BaaS:

apigee-service baas-usergrid configure

apigee-service baas-usergrid restart
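
A pre-flight check for the trust store described in the answer above, as an added example that is not part of the original thread or of Apigee's tooling: it uses openssl to confirm that a server certificate chains to the private CA, then imports that CA into a JKS file with the JDK's keytool. The file names, the alias private-ca, the TRUSTSTORE_PASS variable and the sample certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. File names, the alias and the CN values are constructed
# placeholders, not values from an Apigee installation.

# Return 0 only if CERT chains to the CA certificate in CA_PEM.
verify_chain() {  # usage: verify_chain CA_PEM CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Import the private CA into a JKS trust store, the file that the
# truststoreFile attribute would point at. The password comes from the
# TRUSTSTORE_PASS environment variable so it stays out of the process list.
build_truststore() {  # usage: build_truststore CA_PEM STORE_JKS
    keytool -importcert -noprompt -trustcacerts -alias private-ca \
        -file "$1" -keystore "$2" -storetype JKS -storepass:env TRUSTSTORE_PASS
}

# Constructed sample input: a throwaway CA named NAME and one server
# certificate signed by it, written under DIR.
make_constructed_pki() {  # usage: make_constructed_pki DIR NAME
    d=$1 n=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA $n" \
        -keyout "$d/$n-ca.key" -out "$d/$n-ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=baas-$n.example.internal" \
        -keyout "$d/$n-srv.key" -out "$d/$n-srv.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/$n-srv.csr" -CA "$d/$n-ca.pem" \
        -CAkey "$d/$n-ca.key" -CAcreateserial -out "$d/$n-srv.pem" 2>/dev/null
}

# Show both outcomes on the constructed certificates.
demo() {
    t=$(mktemp -d) || return 1
    make_constructed_pki "$t" a && make_constructed_pki "$t" b || return 1
    verify_chain "$t/a-ca.pem" "$t/a-srv.pem" && echo "a-srv.pem chains to CA a"
    verify_chain "$t/b-ca.pem" "$t/a-srv.pem" || echo "a-srv.pem rejected under CA b"
    if command -v keytool >/dev/null 2>&1; then
        export TRUSTSTORE_PASS=constructed-pass
        build_truststore "$t/a-ca.pem" "$t/truststore.jks"
    fi
    rm -rf "$t"
}

if [ "${RUN_DEMO:-0}" = 1 ]; then demo; fi
```

Run it with RUN_DEMO=1 to see both outcomes on the throwaway certificates; against a real deployment, call verify_chain with the private CA file and the certificate held in the keystore before editing server.xml.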


2 REPLIES 2

Thanks, very helpful