Self-signed cert (north bound) again

Can't get mTLS from client to Edge to work anymore with only self-signed cert(s) in the Truststore: "400 No required SSL certificate was sent".

I experience this on both on-prem (4.19.01) and the SaaS version.

Did work on-prem (version 4.17 or was it version 4.18?) as described in my question from 2 yrs ago.

This doc contains a remark at the top that self-signed certs are no longer allowed/supported, but it remains unclear, as it later continues about the upload of self-signed certs.

Q1: Is it no longer supported to only import self-signed certs into a Truststore to establish trust?

Q2: authentication of mTLS clients should always be done within proxy leveraging the tls.client.* variables?


Not applicable

First of all, I would say a self-signed certificate should not be used for business purposes. You could use that only for testing.

We normally use a CA-provided certificate. And you should not rely on a self-signed certificate. Apigee can revoke those at any point in time.

> I would say a self-signed certificate should not be used for business purposes. You could use that only for testing.

This is not true.