ClientCertificate apigee to Soap

Hi, I have Soap Service (WCF) that I cant do a request with clientCertificate from a local consoleApp.

But I can not get it to work on Apigee.

All I see around is about TLS..

I want to use a ClientCertificate (Apigee is the client) (CA:FALSE) in the request, to validate on my Backend Service.
I have the AppService and certificate running on Azure (.pfx)

Can Someone Help?

This is my local web.config file, which is working fine (for test purposes)

8623-webconfiglocal.png


ylesyuk
Participant V

You need to follow the instructions in "Configuring two-way TLS to the backend server" on this page:

https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service#conf...

You should have:

a) client certificate;

b) client key;

c) server trust chain

As you have your client key and certificate in pfx format, you need to convert them to pem format. You can do it in many different ways. For example:

openssl pkcs12 -in <pkcs-12-certificate-and-key-file> -out <pem-certificate-and-key-file> 

Then you need to

1. create keystore and keystoreref

2. create truststore and truststoreref

3. configure target endpoint by referring to the above stores and key

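<TargetServer name="target1">
  ...
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <!-- KeyStore points at the keystore (through its reference); KeyAlias names the key/certificate entry inside it -->
    <KeyStore>ref://myKeystoreRef</KeyStore>
    <KeyAlias>myKey</KeyAlias>
    <TrustStore>ref://myTrustStoreRef</TrustStore>
  </SSLInfo>
</TargetServer>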
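
The PFX-to-PEM step above, as an added example that is not part of the original answer: it splits the PFX into separate certificate, key and CA-chain PEM files and checks that the key belongs to the certificate before anything is uploaded to a keystore. The function names, file names and demo password are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. File names, function names and the
# demo password are constructed for illustration.

# split_pfx <pfx> <password> <outdir> -> client.crt, client.key, chain.pem
# With OpenSSL 3.x, a PFX using older encryption may also need -legacy.
split_pfx() {
  mkdir -p "$3" || return 1
  # a) client (leaf) certificate only, with the bag attributes stripped
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
    openssl x509 -out "$3/client.crt" 2>/dev/null || return 1
  # b) private key, written unencrypted: keep it readable by the owner only
  ( umask 077
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
      openssl pkey -out "$3/client.key" 2>/dev/null ) || return 1
  # issuing CA certificates bundled in the PFX (empty file if there are none)
  openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys \
    -out "$3/chain.pem" 2>/dev/null
  [ -s "$3/client.crt" ] && [ -s "$3/client.key" ]
}

# key_matches_cert <cert.pem> <key.pem>: true only if both hold the same public key
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_pfx <dir>: throwaway self-signed PFX, used only as constructed input
make_demo_pfx() {
  mkdir -p "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=apigee-client-demo" \
    -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
    -out "$1/demo.pfx" -passout pass:demo-only
}

# Usage: sh split_pfx.sh client.pfx 'password' outdir
if [ "$#" -eq 3 ]; then
  split_pfx "$1" "$2" "$3" &&
    key_matches_cert "$3/client.crt" "$3/client.key" &&
    echo "key matches certificate"
fi
```

The extracted `client.key` is unencrypted, so delete it from disk once it has been uploaded.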

In my local test, I get the same message when "Security mode=Transport",
and it works when I change to "TransportWithMessageCredential".

How can I set this on Apigee?

Hi Wiliam,

Ok, ignore my answer then, I misunderstood your question.

Basically, the question is that you have a WCF service and Apigee is a JEE application. We do not have out-of-the-box support for such. I looked briefly at writing a Java client to call WCF with TransportWithMessageCredential.

It looks like the Axis2 library from the Apache project supports this type of invocation. Therefore, we need to write a Java Callout that would have Java code that would implement the call.

I am sort of aware that in some engagements we successfully implemented an Apigee to WCF call, but I cannot say outright if TransportWithMessageCredential was used.

Let me ask around...