It appears that if the back-end API servers offer an expired SSL certificate, Apigee will still connect. How do we configure Apigee to use 1-way SSL to connect to a backend but to not allow invalid/expired SSL certs, or at least to alarm loudly about the status when connecting?
Would a config like this work? where we enable SSL but set ClientAuth to false?
<TargetEndpoint name="default"> … <HTTPTargetConnection> <SSLInfo> <Enabled>true</Enabled> <ClientAuthEnabled>false</ClientAuthEnabled> <TrustStore>myTrustStore</TrustStore> </SSLInfo> <URL>https://myservice.com</URL> </HTTPTargetConnection> … </TargetEndpoint>
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |