This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to secure my on-prem Endpoint ?

Posted on 03-11-2018 10:52 PM
Not applicable
Reply posted on --/--/---- --:-- AM

How to secure my on-prem Endpoint which is public when wrapping it on cloud ?

0 1 495
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

Mutual TLS ?

For authenticating your in-prem system.

  1. create or provision a signed certificate for your on-prem system. It should use the DNS name that will resolve to the IP address of your target system. Maybe internal-endpoint.api.mycompany.com . You can use a self-signed cert, but it's better to get a cert from a Certificate Authority (CA). Your company probably has one that you use for the web property, but if you don't you can use a free CA like Letsencrypt.
  2. Install the private key on the http endpoint in your on-prem system.
  3. Install the corresponding cert (or cert chain as appropriate) in a trust-store in the Apigee Edge cloud, and configure the SSLInfo for the target endpoint to point to that truststore.

For authenticating Apigee Edge

  1. create or provision a separate TLS cert for the "client". This need not have any hostname but should have a Common Name associated to the Apigee Edge SaaS/. Maybe "apigee-client.api.mycompany.com"
  2. install the private key into a keystore in Apigee Edge.
  3. configure the SSLInfo in the TargetEndpoint to use that Keystore for authentication.
  4. configure your on-prem system to authenticate clients, and use the corresponding cert from step 1 for the trust store on the on-prem side.

This is described in much greater detail here:

https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service

0 Likes