I have a question on 2-way TLS.
If I enable 2-way TLS between the proxy and the target server, is Apigee intelligent enough to identify
that the trustStore is expired or revoked? If not, is there any way in Apigee to implement a CRL check (check
whether the trustStore is expired or revoked by calling some other API) before the handshake?
Answer by Imesh Gunaratne · May 16, 2019 at 05:31 AM
Apigee supports OCSP (Online Certificate Status Protocol) for inbound TLS connections via Virtual Hosts:
https://docs.apigee.com/api-platform/fundamentals/virtual-host-property-reference
As far as I know, it is not available for TLS communications between Message Processors (Apigee) and target servers:
https://docs.apigee.com/api-platform/reference/endpoint-properties-reference
https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service