2-way TLS between api gateway and backend systems (2-way TLS between proxy and target server)

kalyaninturi
Participant II

I have a question on 2-way TLS.

If I enable 2-way TLS between proxy and target server, is Apigee intelligent enough to identify that the trustStore is expired or revoked? If not, is there any way in Apigee to implement a CRL check (check whether the trustStore is expired or revoked by calling some other API) before the handshake?

1 REPLY

Apigee supports OCSP (Online Certificate Status Protocol) for inbound TLS connections via Virtual Hosts:

https://docs.apigee.com/api-platform/fundamentals/virtual-host-property-reference

As far as I know, it is not available for TLS communications between Message Processors (Apigee) and target servers:

https://docs.apigee.com/api-platform/reference/endpoint-properties-reference

https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service