Configure Mutual authentication for one proxy

Not applicable

Hi,

We want to enable mutual authentication for a proxy request from client. Where the certificate will be uploaded, where the key will be stored and how internally the mutual authentication mechanism works in apigee. Can anyone help me with how to do this? If any document or link is there, please share. If I have to set for all proxies, is it a good idea to do all these at apigee level or there is any alternative? Is it fine to store too many certificates at apigee Thanks...

Solved Solved
1 3 1,010
1 ACCEPTED SOLUTION

Not applicable

I finally did this using keystore and truststore of apigee. Added the server certificate in keystore and client certificates in truststore. For one proxy to have mtls I created one virtual host with 2 way tls and for other created virtual host with one way ssl. Certificate management in apigee is not simple as other gateway I have used. In apigee we need full certificate chain of the client to be added to the truststore.

Also to revalidate I added certificate serial number validation in the proxy.

View solution in original post

3 REPLIES 3

sidd-harth
Participant V

On Apigee level it can done using Keystore and Truststore. Please have a look at the below docs,

https://docs.apigee.com/api-platform/system-administration/keystores-and-truststores

https://docs.apigee.com/api-platform/system-administration/ssl

Not applicable

I finally did this using keystore and truststore of apigee. Added the server certificate in keystore and client certificates in truststore. For one proxy to have mtls I created one virtual host with 2 way tls and for other created virtual host with one way ssl. Certificate management in apigee is not simple as other gateway I have used. In apigee we need full certificate chain of the client to be added to the truststore.

Also to revalidate I added certificate serial number validation in the proxy.

Thanks for the help, where did you find them? I tried to look for them not only on the site, but also on the internet, but unfortunately didn't manage to find anything. Now a bigger problem for me is to find a good proxy server. I am thinking to buy a couple of proxies for firefox, but can't manage to find a good company through all these offers. Can you recommend to me one that you have used before and now that it works well. Thanks in advance.