two way SSL


Hi

Could you please guide me: if I need to set up 2-way SSL and validate the client based on a trust store, how do I configure a proxy?

We are trying to configure an API proxy to our services.

Thanks

Bhanu



@Sean Davis Could you please help with this?

@bhanuprakashparvataneni

1. To set up 2-way SSL between the client and Edge, you need to create a virtual host with an SSLInfo section:

a) Having ClientAuthEnabled flag set to true

b) With Keystore and Truststore created with appropriate certificates and private key (only for Keystore)

A sample Virtual Host would look something like this:

<VirtualHost name="TwoWaySecureVH">
  <HostAliases>
    <HostAlias>apiTLS.myCompany.com</HostAlias>
  </HostAliases>
  <Interfaces/>
  <Port>443</Port>
  <SSLInfo>
    <Enabled>true</Enabled>
    <!-- must be true for 2-way SSL; with false the client certificate is not requested -->
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://keystoreref</KeyStore>
    <KeyAlias>myKeyAlias</KeyAlias>
    <TrustStore>ref://truststoreref</TrustStore>
  </SSLInfo>
</VirtualHost>

This will allow you to validate the client's certificate with the certificate stored in the Truststore in Edge.

2. Within the API proxy(ies) in which you want to use 2-way SSL, use this Virtual Host in the Proxy Endpoint as follows:

<ProxyEndpoint name='default'>
  <HTTPProxyConnection>
    <BasePath>/myproxy</BasePath>
    <Properties/>
    <!-- specify the name of the vhost here  -->
    <VirtualHost>TwoWaySecureVH</VirtualHost>
  </HTTPProxyConnection>
  ...

Please refer to the following docs and community links for more information on configuring TLS (1 way/2 way) for API proxies:

Configuring TLS

2 way TLS between TLS client and Edge

Regards,

Amar
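
As an added example (not part of the original reply and not Apigee's own tooling), a small Python check that parses a virtual host definition like the one above and reports settings that would leave client certificates unenforced. The sample XML strings are constructed, and the check assumes that a missing or non-true ClientAuthEnabled means no client certificate is requested.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real deployment).
ONE_WAY = """<VirtualHost name="TwoWaySecureVH">
  <Port>443</Port>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <KeyStore>ref://keystoreref</KeyStore>
    <KeyAlias>myKeyAlias</KeyAlias>
    <TrustStore>ref://truststoreref</TrustStore>
  </SSLInfo>
</VirtualHost>"""
TWO_WAY = ONE_WAY.replace("<ClientAuthEnabled>false", "<ClientAuthEnabled>true")


def _text(node, tag):
    """Return the stripped text of a child element, or '' if absent or empty."""
    return (node.findtext(tag) or "").strip()


def check_two_way_tls(vhost_xml):
    """Return a list of findings; an empty list means client certs are enforced."""
    root = ET.fromstring(vhost_xml)
    ssl = root.find("SSLInfo")
    if ssl is None:
        return ["no SSLInfo section: TLS is not configured on this virtual host"]
    findings = []
    if _text(ssl, "Enabled").lower() != "true":
        findings.append("SSLInfo/Enabled is not true: TLS is off")
    if _text(ssl, "ClientAuthEnabled").lower() != "true":
        findings.append("ClientAuthEnabled is not true: client certificate is not requested")
    if not _text(ssl, "TrustStore"):
        findings.append("TrustStore missing: nothing to validate client certificates against")
    for tag in ("KeyStore", "KeyAlias"):
        if not _text(ssl, tag):
            findings.append(f"{tag} missing: no server certificate/key configured")
    return findings


if __name__ == "__main__":
    for label, xml in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(label, check_two_way_tls(xml) or "OK")
```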