We have a requirement to extract the target server certificate presented at runtime in a two-way mTLS configuration.
I understand we have some variables available at runtime, as defined here: https://docs.apigee.com/api-platform/reference/variables-reference#target
But we are specifically looking at validating the below points:
Apigee validates that target endpoints present a trusted, valid Certificate. Apigee validates the certificate chain, to a trusted root that you have configured in your Truststore. Apigee also checks the expiry.
For revocation, I don't believe the Apigee southbound connection verifies OCSP assertions.
In the next-generation SaaS release, expected to arrive this year, you'll be able to use OCSP-stapling on the certs for the respective peers used on the target endpoints.
Thanks Dino for the confirmation.
We have an on-prem setup and I will look into how we can put in place OCSP assertions at runtime.
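
The distinction drawn in the answer above (chain, trust root and expiry are checked; revocation is not) as an added example, not code from Apigee or from this thread. It builds a constructed in-memory CA and uses a CRL as a stand-in for OCSP, because Go's standard library has no OCSP client; `issue`, `CheckTarget` and every certificate value are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with the issuer's key (constructed test PKI, nothing real).
func issue(tmpl, issuer *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// CheckTarget validates a constructed leaf (serial 2) and consults a CRL that lists crlSerial.
func CheckTarget(crlSerial int64) (chainOK, revoked bool) {
	now := time.Now()
	from, until := now.Add(-time.Hour), now.Add(time.Hour)
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed root"}, NotBefore: from,
		NotAfter: until, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := issue(caTmpl, caTmpl, caPub, caKey)
	leaf := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed target"},
		NotBefore: from, NotAfter: until}, ca, leafPub, caKey)
	roots := x509.NewCertPool() // stands in for the configured truststore
	roots.AddCert(ca)
	_, verr := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}) // chain + expiry only
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: until,
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(crlSerial), RevocationTime: now}}}
	der, _ := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	crl, err := x509.ParseRevocationList(der) // the separate revocation step
	if err != nil || crl.CheckSignatureFrom(ca) != nil {
		panic("CRL unreadable or not signed by the CA")
	}
	for _, e := range crl.RevokedCertificateEntries {
		revoked = revoked || e.SerialNumber.Cmp(leaf.SerialNumber) == 0
	}
	return verr == nil, revoked
}

func main() { fmt.Println(CheckTarget(2)) } // prints "true true": chain is valid, serial is revoked
```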