Securing Edgemicro with SSL

I am currently trying to secure my edgemicro gateway with SSL.


I have added the crt, key and ca in the config, and when I call the gateway via https in Postman (with SSL certificate verification enabled in Postman) I get a successful response. However, I do not have any of the certificates loaded into my Postman, thus I do not have to pass the cert & key and it will work; I just need to call https.

Additional note: I added a DNS entry on my laptop to route the certificate DNS name to localhost to test the server certificate (can't do the development on the server where the URL is routed to); not sure if that makes a difference.

How do I force the gateway to check that the client (Postman in this case) is passing the correct certificates to the gateway?

edgemicro:
  port: 443
  max_connections: 1000
  config_change_poll_interval: 600
  ssl:
    key: >-
      C:\Users\...\key_dev.pem
    cert: >-
      C:\Users\...\cert.pem
    ca: >-
      C:\Users\...\Intermediate.crt
    rejectUnauthorized: true

Former Community Member

You also need

requestCert: true

This will cause MG to expect a cert from Postman.
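
One way to confirm from the client side that `requestCert` took effect, as an added example that is not part of the original thread: when a server asks for a client certificate and sends a CA list, `openssl s_client` prints "Acceptable client certificate CA names"; otherwise it prints "No client certificate CA names sent". The function names, the placeholder host `gateway.example.test` and the sample transcripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify an `openssl s_client`
# transcript by whether the server advertised client-certificate CAs.
# Prints: requested | not-advertised | unknown
classify_client_cert_request() {
  transcript=$(cat)
  case "$transcript" in
    *"Acceptable client certificate CA names"*)
      # CertificateRequest arrived with a CA list: the server wants a cert.
      echo requested ;;
    *"No client certificate CA names sent"*)
      # No CA list seen. A server can request a cert with an empty list,
      # so confirm by sending a real request without a client cert.
      echo not-advertised ;;
    *)
      echo unknown ;;
  esac
}

# Live probe without presenting a client cert. Host and port are arguments;
# gateway.example.test below is a placeholder, not a name from the thread.
probe_gateway() {
  host=${1:?usage: probe_gateway HOST [PORT]}
  port=${2:-443}
  openssl s_client -connect "$host:$port" -servername "$host" \
    </dev/null 2>&1 | classify_client_cert_request
}

# Constructed transcripts (abridged) for offline use.
SAMPLE_MTLS='CONNECTED(00000003)
---
Acceptable client certificate CA names
CN = Constructed Intermediate CA
---'
SAMPLE_ONE_WAY='CONNECTED(00000003)
---
No client certificate CA names sent
---'

# Example: probe_gateway gateway.example.test 443
```

Running the probe before and after adding `requestCert: true` shows the change from `not-advertised` to `requested`.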

Thank You,

When I enable requestCert and add the certs to Postman, I just get the standard "Couldn't get any response back" from Postman. Even if I disable SSL certificate verification in Postman I get the same response back; normally if I do that with Postman I get a response.

@srinandans

I have created a self-signed crt and key for localhost and I am not able to call it when passing the certs also. When I use Postman or Curl with Insecure, should I get a result from the gateway when requestCert is enabled? Because currently, as soon as I enable requestCert, I can't get a response.

So the issue was with using Curl and WinSSL: the ciphers allowed in WinSSL were not compatible with the cert. After changing to OpenSSL it is working.

For postman not working: with Curl I can send only a cert as the serverCert and it will work, however with Postman & Apigee Edge, I have to send a Cert & Key for mutual TLS to work.

As per below, there is No Certificate Verify(15) from Source

8300-tls-not-working.jpg