Hi
Could you please guide me: if I need to set up 2-way SSL and validate the client based on a trust store, how do I configure a proxy?
We are trying to configure an API proxy to our services.
Thanks
Bhanu
@Sean Davis Could you please help on this?
1. To set up 2-way SSL between the client and Edge, you need to create a virtual host with an SSLInfo section
a) Having the ClientAuthEnabled flag set to true
b) With a Keystore and Truststore created with the appropriate certificates and private key (only for the Keystore)
A sample Virtual Host would look something like this:
<VirtualHost name="TwoWaySecureVH">
  <HostAliases>
    <HostAlias>apiTLS.myCompany.com</HostAlias>
  </HostAliases>
  <Interfaces/>
  <Port>443</Port>
  <SSLInfo>
    <Enabled>true</Enabled>
    <!-- must be true for 2-way SSL: Edge then requests the client's certificate -->
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://keystoreref</KeyStore>
    <KeyAlias>myKeyAlias</KeyAlias>
    <TrustStore>ref://truststoreref</TrustStore>
  </SSLInfo>
</VirtualHost>
This will allow you to validate the client's certificate with the certificate stored in the Truststore in Edge.
2. Within the API proxy(ies) in which you want to use 2-way SSL, use this Virtual Host in the Proxy Endpoint as follows:
<ProxyEndpoint name='default'>
  <HTTPProxyConnection>
    <BasePath>/myproxy</BasePath>
    <Properties/>
    <!-- specify the name of the vhost here -->
    <VirtualHost>TwoWaySecureVH</VirtualHost>
  </HTTPProxyConnection>
  ...
Please refer to the following docs and community links for more information on configuring TLS (1 way/2 way) for API proxies:
2 way TLS between TLS client and Edge
Regards,
Amar
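An added example, not part of the answer above and not Apigee tooling: a small Python check that parses a virtual host definition and reports any SSLInfo setting that would keep 2-way SSL from being enforced. The function names and the sample XML are constructed for illustration; the element names are the ones used in the sample virtual host in the answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample: TLS is on and a truststore is referenced, but
# ClientAuthEnabled is false, so the vhost only does one-way TLS.
SAMPLE_VHOST = """
<VirtualHost name="TwoWaySecureVH">
  <HostAliases><HostAlias>apiTLS.myCompany.com</HostAlias></HostAliases>
  <Port>443</Port>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <KeyStore>ref://keystoreref</KeyStore>
    <KeyAlias>myKeyAlias</KeyAlias>
    <TrustStore>ref://truststoreref</TrustStore>
  </SSLInfo>
</VirtualHost>
"""


def _text(parent, tag):
    """Return the stripped text of a child element, or '' if absent or empty."""
    return (parent.findtext(tag) or "").strip()


def check_two_way_tls(vhost_xml):
    """Return a list of findings; an empty list means 2-way TLS is configured."""
    root = ET.fromstring(vhost_xml)
    ssl_info = root.find("SSLInfo")
    if ssl_info is None:
        return ["no SSLInfo section: the virtual host does not use TLS"]
    findings = []
    if _text(ssl_info, "Enabled").lower() != "true":
        findings.append("Enabled is not true: TLS is off")
    if _text(ssl_info, "ClientAuthEnabled").lower() != "true":
        findings.append("ClientAuthEnabled is not true: "
                        "client certificates are not requested")
    # The keystore and alias identify the server key; the truststore holds
    # the certificates that client certificates are validated against.
    for tag in ("KeyStore", "KeyAlias", "TrustStore"):
        if not _text(ssl_info, tag):
            findings.append(f"{tag} is missing or empty")
    return findings


if __name__ == "__main__":
    for finding in check_two_way_tls(SAMPLE_VHOST):
        print("FINDING:", finding)
```
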