Configure 2-way TLS between Apigee Edge Microgateway and Apigee Edge Cloud

Hello,

From the Apigee docs I understand that it is possible to configure the Apigee microgateway to support client TLS when connecting to target endpoints; however, I didn't find anything concerning client TLS between the microgateway and Edge Public Cloud.

Is this possible?

What we would like to do is to secure the connection between the microgateway and Edge Cloud so that only the microgateways having a specific client certificate would be able to call Edge Cloud to retrieve the public key (https://myorg-myenv.apigee.net/edgemicro-auth/publicKey), the list of products (https://myorg-myenv.apigee.net/edgemicro-auth/products), etc.

Thanks in advance,

Davide


Former Community Member

Hello Srinandan,

I already knew that section, but unfortunately that doesn't help me.

That section refers to setting up the microgateway to support TLS when receiving traffic, so as a server. What I need to do is to set up 2-way TLS to secure the microgateways' connections with Edge Cloud. In this case the microgateway would be the client.

Hope this clarifies.

Former Community Member

Ah! Right. I got it. I should've read it more closely.

The answer is yes, but not out-of-the-box. It will require two changes:

1) You will have to set up a virtual host in Apigee Edge that enables two-way TLS. That's the easy part.

2) We'd have to make some changes to MG to use client certs when making the connection to those endpoints. For this change, you're welcome to submit a PR or open an issue on GitHub and we'll add it to a future release.

NOTE: The endpoint used by MG for analytics will NOT have two way TLS. That will continue to use one way TLS and OAuth.
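
For step 1 above, a virtual host definition with two-way TLS enabled on Edge looks like the following. This is an added example, not part of the original thread; the virtual host name, host alias, key alias and the keystore/truststore reference names are placeholders.

```xml
<!-- Added example: Edge virtual host that requires a client certificate.
     All names below (mtls-vhost, mg.example.com, the ref:// targets,
     myKeyAlias) are placeholders, not values from this thread. -->
<VirtualHost name="mtls-vhost">
    <HostAliases>
        <HostAlias>mg.example.com</HostAlias>
    </HostAliases>
    <Port>443</Port>
    <SSLInfo>
        <!-- One-way TLS: Edge presents the certificate stored under
             KeyAlias in KeyStore to the connecting client. -->
        <Enabled>true</Enabled>
        <KeyStore>ref://myKeystoreRef</KeyStore>
        <KeyAlias>myKeyAlias</KeyAlias>

        <!-- Two-way TLS: with ClientAuthEnabled set to true, Edge
             requests a client certificate during the handshake and
             only accepts one that chains to a certificate held in
             TrustStore. With it set to false (one-way TLS), any
             client that can reach the host can call the proxies
             deployed on it. -->
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <TrustStore>ref://myTruststoreRef</TrustStore>
    </SSLInfo>
</VirtualHost>
```

The edgemicro-auth proxy has to be deployed on this virtual host only; if it also stays attached to a one-way TLS virtual host, /edgemicro-auth/publicKey and /edgemicro-auth/products remain reachable without a client certificate.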

Hello,

Thanks for the help!

No problem for the analytics, but at least we would secure the access to the /edgemicro-auth/products and /edgemicro-auth/publicKey resources, which today are completely open.

Concerning point (2), do you have a link concerning GitHub?

Do you have an idea about the time needed for this feature to be released?

Thanks again!

Davide
