This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Self-signed certificates in one way TLS connection

Posted on 11-29-2017 12:57 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Am I getting it right that Apigee will not throw any error if target server is configured like this:

{
  "host" : "<ip_address>",
  "isEnabled" : true,
  "name" : "<name>",
  "port" : 443
}



regardless if the certificate is self-signed on the backend server? Because that's what i'm seeing from my current Apigee setup. In terms of cURL Apigee acts like this:

curl --insecure https://<ip_address>:443
1 1 1,198
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
adevegowda
Staff
Reply posted on --/--/---- --:-- AM

@Arsen Arutyunyan,

Since you have a target server without having the truststore, Edge will not verify the server's certificate. Hence if there are any issues with certificate, Edge will not do anything about it.

1. If it's a secure connection, you always need to have the SSLInfo section and set the Enabled flag set to true as shown below:

<SSLInfo> 
      <Enabled>true</Enabled> 
</SSLInfo>

2. If you are using self-signed certificates on the backend servers, then it is suggested that you need to have a truststore on Edge and upload the server's certificate and certificate chain.

Please refer to the section "Configuring one-way TLS to the backend server" in the following documentation link for more details.

0 Likes