2-Way SSL between Client and Edge

We want to have the following security settings for our on-premise environment:

Client to APIGEE Edge---> Two way SSL

APIGEE Edge to Target backend--> No SSL (Plain HTTP)

Please help me configure the above.


sidd-harth
Participant V

Hi @Ajmal Hussain, in your scenario, the client is going to call the API proxies deployed in Apigee. A virtual host also defines whether the API proxy is accessed by using the HTTP protocol, or by the encrypted HTTPS protocol that uses TLS. When configuring a virtual host to use HTTPS and TLS, you create a virtual host on Edge and configure the virtual host to use a keystore and truststore.

Did you check out the docs?

https://docs.apigee.com/api-platform/system-administration/creating-virtual-host

https://docs.apigee.com/api-platform/system-administration/creating-virtual-host#creatingavirtualhos...

Dear @Siddharth Barahalikar, Many thanks for a prompt reply.

I looked into the given documents, but I am slightly confused about how I can modify the existing virtual host with the configuration below:

<VirtualHost name="myTLSVHost">
    <HostAliases>
        <HostAlias>apiTLS.myCompany.com</HostAlias>
    </HostAliases>
    <Interfaces/>
    <Port>9006</Port>
    <OCSPStapling>off</OCSPStapling>
    <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <KeyStore>ref://myTestKeystoreRef</KeyStore>
        <KeyAlias>myKeyAlias</KeyAlias>
    </SSLInfo>
</VirtualHost>

Do I need to run any command on the Apigee node for this?

Please note that I am new to Apigee.

@Ajmal Hussain, you can use the management API to create or update virtual hosts. Note: it may require a restart of the message processor. Refer to the docs - https://docs.apigee.com/api-platform/fundamentals/configuring-virtual-hosts-private-cloud

Use the Apigee Management APIs for an Enterprise Cloud account,

Update TLS configuration for an existing virtual host

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_nam...

--

Follow Nagashree's answer for On-Prem installation.
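Added example, not part of the original thread or of Apigee's own code: a small pre-deployment check that parses a virtual host definition and reports whether it enforces two-way TLS, meaning `<ClientAuthEnabled>` is `true` and a `<TrustStore>` is set next to the keystore. The function name `check_two_way_tls` and the truststore reference `ref://myTestTruststoreRef` are hypothetical; the first sample is the virtual host posted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the virtual host posted in the thread (one-way TLS only).
POSTED_VHOST = """<VirtualHost name="myTLSVHost">
  <HostAliases><HostAlias>apiTLS.myCompany.com</HostAlias></HostAliases>
  <Interfaces/>
  <Port>9006</Port>
  <OCSPStapling>off</OCSPStapling>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <KeyStore>ref://myTestKeystoreRef</KeyStore>
    <KeyAlias>myKeyAlias</KeyAlias>
  </SSLInfo>
</VirtualHost>"""

# Constructed sample: same host with client authentication switched on.
# The truststore reference name is a placeholder, not a value from the thread.
TWO_WAY_VHOST = POSTED_VHOST.replace(
    "<ClientAuthEnabled>false</ClientAuthEnabled>",
    "<ClientAuthEnabled>true</ClientAuthEnabled>\n"
    "    <TrustStore>ref://myTestTruststoreRef</TrustStore>")


def _text(parent, tag):
    """Stripped text of a child element, or '' when it is absent or empty."""
    child = parent.find(tag)
    return (child.text or "").strip() if child is not None else ""


def check_two_way_tls(vhost_xml):
    """Return findings; an empty list means two-way TLS is enforced."""
    ssl = ET.fromstring(vhost_xml).find("SSLInfo")
    if ssl is None:
        return ["no <SSLInfo>: virtual host serves plain HTTP"]
    findings = []
    if _text(ssl, "Enabled").lower() != "true":
        findings.append("<Enabled> is not true: TLS is off")
    if _text(ssl, "ClientAuthEnabled").lower() != "true":
        findings.append("<ClientAuthEnabled> is not true: no client certificate is required")
    if not _text(ssl, "TrustStore"):
        findings.append("<TrustStore> missing: nothing to validate client certificates against")
    if not _text(ssl, "KeyStore") or not _text(ssl, "KeyAlias"):
        findings.append("<KeyStore>/<KeyAlias> missing: no server certificate configured")
    return findings


if __name__ == "__main__":
    for label, xml in (("posted", POSTED_VHOST), ("two-way", TWO_WAY_VHOST)):
        print(label, check_two_way_tls(xml) or "OK")
```

Running the check on a definition before sending it to the management API catches a one-way configuration being deployed where two-way TLS was intended.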