Hi,
I have read the documents about mTLS (2-way TLS) and got to know that we need to add a truststore in mTLS along with the keystore (as shown in the diagram below).
But in the Apigee documentation, there is no such configuration present in the .properties file.

conf_message-processor-communication_local.http.ssl=true
conf/message-processor-communication.properties+local.http.port=8443
conf/message-processor-communication.properties+local.http.ssl.keystore.type=jks
conf/message-processor-communication.properties+local.http.ssl.keystore.path=/opt/apigee/customer/application/keystore.jks
conf/message-processor-communication.properties+local.http.ssl.keyalias=apigee-devtest
# Enter the obfuscated keystore password below.
conf/message-processor-communication.properties+local.http.ssl.keystore.password=OBF:obsPword

Also, can I get the .properties file for ZooKeeper, Cassandra, Management Server, Qpid server, PostgreSQL, and SMTP server?
By your question I believe you have not read the documentation on the topic, or you have not understood what you read.
This part in particular is important:
The Apigee mTLS service mesh consists of Consul servers that run on each ZooKeeper node in your cluster and the following Consul services on every node in the cluster:
For example, when the Management Server sends a message to the Router, the egress proxy service intercepts the outgoing message, encrypts it, and then sends it to the Router. When the Router's node receives the message, the ingress proxy service decrypts the message and then passes it to the Router component for processing.
This all happens transparently to the Edge components: they are unaware of the encryption and decryption process carried out by the Consul proxy services.
Hi, thanks for your response, but all I wanted to know is the way we are configuring the keystore in the .properties file. Do we have to configure a truststore also?
If yes, then why is it not in the above piece of configuration?