Creating vhosts with truststore

1) While creating a new vhost with SSL, if client Auth enabled is set to true, in this case do we have to add certs from all clients requesting this vhost into trust store?

2) Can we have multiple keystores for 2-way SSL with different backend systems?

3) Also, can we create a vhost with any keystore? Does the vhost not have any dependency on the keystores used for 2-way SSL with the backend?

Accepted solution

1) While creating a new vhost with SSL, if client Auth enabled is set to true, in this case do we have to add certs from all clients requesting this vhost into trust store?

- If each of the clients has a unique certificate chain issued by different CAs, then you need to upload each of them into the truststore.

The community post below explains in detail how to add multiple cert chains into a truststore.
https://community.apigee.com/articles/33021/adding-multiple-certificate-chains-to-a-trust-stor.html

2) Can we have multiple keystores for 2-way SSL with different backend systems?

- Yes, you can have it.

If you are using the same certificate, then it makes sense to have the same keystore for different backend systems.

3) Also, can we create a vhost with any keystore? Does the vhost not have any dependency on the keystores used for 2-way SSL with the backend?

- Yes, you can create a vhost with any keystore as long as the certificates within the keystore are as per the required format.

Correct, the vhost does not depend on the keystore used for 2-way SSL with the backend.
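
The truststore behaviour discussed in answer 1, as an added example that is not part of the original post: it builds a PEM truststore from two CA certificates with `openssl` and checks which client certificates chain to it. The CA and client names are constructed, and it assumes the vhost truststore performs standard X.509 chain validation against the CA certificates it holds.

```shell
#!/bin/sh
# Added illustration (not from the original post). All names below
# (ca-a, ca-b, client1..3, truststore.pem) are constructed for the demo.
set -eu

make_ca() {        # $1 = CA name; writes $1.key and a self-signed $1.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_client() {   # $1 = client name, $2 = issuing CA name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

trusted() {        # $1 = truststore bundle, $2 = client cert; prints yes/no
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo yes
  else
    echo no
  fi
}

run_demo() (
  dir=$(mktemp -d)
  cd "$dir"
  make_ca ca-a
  make_ca ca-b
  issue_client client1 ca-a
  issue_client client2 ca-a
  issue_client client3 ca-b

  # Truststore holds only CA A: both CA A clients chain to it, the CA B client does not.
  cp ca-a.crt truststore.pem
  before="$(trusted truststore.pem client1.crt) $(trusted truststore.pem client2.crt) $(trusted truststore.pem client3.crt)"

  # Append CA B's certificate so clients issued by either CA validate.
  cat ca-b.crt >> truststore.pem
  after="$(trusted truststore.pem client1.crt) $(trusted truststore.pem client2.crt) $(trusted truststore.pem client3.crt)"

  cd / && rm -rf "$dir"
  echo "before: $before | after: $after"
)

run_demo
```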
