Quick question. Whose keystore and truststore are in this block?


The following configuration is placed under the target endpoint to configure 2-way SSL.

Whose KeyStore, KeyAlias, and TrustStore are in this block? Are they client side or server side?

    <HTTPTargetConnection>
      <Properties/>
      <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <KeyStore>ref://whose keystore</KeyStore>
        <KeyAlias>whose keyalias</KeyAlias>
        <TrustStore>ref://whose truststore</TrustStore>
      </SSLInfo>
      <URL>target endpoint url</URL>
    </HTTPTargetConnection>


rmishra
Participant V

In this particular configuration, Apigee is the client to a target server.

The keystore would be where Apigee's identity cert is stored

The truststore would store the CAs which can validate the target server's cert

Hello rmishra, thank you for your answer. You helped me understand clearly.

I want to confirm one more thing with you about configuring 2-way SSL.

As you said, this keystore and truststore refer to the client's keystore and truststore.

Then I also need to create a keystore on our server and create a truststore on Apigee to validate the server's cert from Apigee if the server's cert is not signed by a trusted CA.

This is something I have not done yet. Is this what I need to do?

rmishra
Participant V

For two-way TLS (target server configuration perspective):

In Apigee,

Keystore - Stores the cert which Apigee will present to the Target API

Truststore - Stores the CAs which Apigee will use to validate the Target API cert

In your Target API installation,

Keystore - Stores the cert which the Target API will present to Apigee

Truststore - Stores the CAs which the Target API will use to validate Apigee certs

If your certs are signed by a well-known commercial CA, you may not need to update truststores.
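The four stores described in this thread, as an added example that is not part of the original posts and is not Apigee's own tooling: local `openssl` files stand in for each side's keystore and truststore, and the script checks which truststore validates which certificate. All file and CA names (`apigee-ca`, `target-ca`, `apigee-client`, `target-server`) are hypothetical, and using a separate private CA for each side is an assumption.

```shell
#!/usr/bin/env bash
# Added illustration: local openssl files stand in for the four stores.
# All names below are hypothetical; nothing here talks to Apigee.
set -eu

make_ca() {   # $1 = file prefix; creates a self-signed CA certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue() {     # $1 = leaf prefix, $2 = issuing CA prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

trusts() {    # $1 = truststore (CA file), $2 = peer certificate to validate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

build_stores() {
  workdir=$(mktemp -d)
  cd "$workdir"
  make_ca apigee-ca
  make_ca target-ca
  issue apigee-client apigee-ca   # Apigee keystore: cert + key shown to the target
  issue target-server target-ca   # Target keystore: cert + key shown to Apigee
  cp target-ca.crt apigee-truststore.pem   # Apigee truststore: validates the target
  cp apigee-ca.crt target-truststore.pem   # Target truststore: validates Apigee
}

build_stores
trusts apigee-truststore.pem target-server.crt && echo "Apigee accepts target cert"
trusts target-truststore.pem apigee-client.crt && echo "target accepts Apigee cert"
# A truststore holding only your own CA does not validate the peer's certificate.
trusts target-truststore.pem target-server.crt || echo "wrong truststore: rejected"
```

The last check is the failure seen when a side's truststore holds its own CA instead of the peer's: the handshake would fail on certificate validation even though both keystores are correct.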