In mTLS do we need to add Truststore configuration in .properties file?

Hi,

I have read the documents about mTLS (2-way TLS) and got to know that we need to add a truststore in mTLS along with the keystore (as shown in the diagram below).

Setting up mutual authentication | ServiceNow Docs

But in the apigee documentation, there is no such configuration present in the .properties file.

conf_message-processor-communication_local.http.ssl=true
conf/message-processor-communication.properties+local.http.port=8443
conf/message-processor-communication.properties+local.http.ssl.keystore.type=jks
conf/message-processor-communication.properties+local.http.ssl.keystore.path=/opt/apigee/customer/application/keystore.jks
conf/message-processor-communication.properties+local.http.ssl.keyalias=apigee-devtest
# Enter the obfuscated keystore password below.
conf/message-processor-communication.properties+local.http.ssl.keystore.password=OBF:obsPword


Also, can I get the .properties files for ZooKeeper, Cassandra, Management Server, Qpid server, PostgreSQL, and SMTP server?


By your question I believe you have not read the documentation on the topic, or you have not understood what you read.

This part in particular is important:

The Apigee mTLS service mesh consists of Consul servers that run on each ZooKeeper node in your cluster and the following Consul services on every node in the cluster:

  • An egress proxy that intercepts outgoing messages on the host node. This service encrypts outgoing messages before sending them to their destination.
  • An ingress proxy that intercepts incoming messages on the host node. This service decrypts incoming messages before sending them to their final destination.

For example, when the Management Server sends a message to the Router, the egress proxy service intercepts the outgoing message, encrypts it, and then sends it to the Router. When the Router's node receives the message, the ingress proxy service decrypts the message and then passes it to the Router component for processing.

This all happens transparently to the Edge components: they are unaware of the encryption and decryption process carried out by the Consul proxy services.

Hi, thanks for your response, but all I wanted to know is the way we are configuring the keystore in the .properties file. Do we have to configure the truststore also?

If yes, then why is it not in the above piece of configuration?
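In generic TLS terms, a keystore holds a component's own certificate and private key, and a truststore holds the CA certificates it accepts from the other side. A server needs a truststore only when it has to verify client certificates, which is exactly what two-way TLS adds on top of one-way TLS; the snippet in the question configures only the Message Processor's keystore. The Go program below is an added example, not Apigee or Consul code, that builds a throwaway CA and runs four loopback handshakes to show which keystore/truststore combination succeeds. The certificate names (demo-ca, demo-server, demo-client), the loopback listener and the `check` helper are constructed for the demonstration; the example shows the distinction the question turns on, not any Apigee property name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue returns a certificate for cn with a fresh P-256 key, plus its tls.Certificate form.
// With isCA it is self-signed (our throwaway CA); otherwise it is signed by parent/parentKey.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, tls.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn}, // constructed demo names, not Apigee identities
		DNSNames:              []string{"localhost"},     // the client dials the server as "localhost"
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: cert}
}

// NewPKI builds one CA and a server and a client certificate issued by it.
func NewPKI() (*x509.Certificate, tls.Certificate, tls.Certificate) {
	ca, caKey, _ := issue("demo-ca", true, nil, nil)
	_, _, srv := issue("demo-server", false, ca, caKey)
	_, _, cli := issue("demo-client", false, ca, caKey)
	return ca, srv, cli
}

// Handshake runs one TLS handshake over loopback and returns the server's verdict (nil = accepted).
// Certificates play the "keystore" role (own identity); ClientCAs/RootCAs play the "truststore" role.
func Handshake(ca *x509.Certificate, server, client tls.Certificate, requireClient, serverTrustsCA, clientSendsCert bool) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{server}, SessionTicketsDisabled: true}
	if requireClient {
		srvCfg.ClientAuth = tls.RequireAndVerifyClientCert // this is what "two-way TLS on" means
	}
	if serverTrustsCA {
		srvCfg.ClientCAs = pool // the server-side truststore
	}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "localhost"} // the client-side truststore
	if clientSendsCert {
		cliCfg.Certificates = []tls.Certificate{client} // the client-side keystore
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	serverErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		check(err)
		defer conn.Close()
		serverErr <- tls.Server(conn, srvCfg).Handshake()
	}()
	cc, clientErr := tls.Dial("tcp", ln.Addr().String(), cliCfg) // Dial performs the handshake
	defer func() { if cc != nil { cc.Close() } }()
	if err := <-serverErr; err != nil {
		return err // in TLS 1.3 the server may reject after the client already considers itself done
	}
	return clientErr
}

func main() {
	ca, srv, cli := NewPKI()
	for _, c := range [][3]bool{{false, false, false}, {true, true, true}, {true, true, false}, {true, false, true}} {
		fmt.Printf("requireClient=%-5v serverTrustsCA=%-5v clientSendsCert=%-5v -> %v\n", c[0], c[1], c[2], Handshake(ca, srv, cli, c[0], c[1], c[2]))
	}
}
```

The first two handshakes succeed (one-way TLS needs only the server keystore; two-way TLS works once the server also has the client CA in its truststore). The third fails because the server demands a certificate the client never presents, and the fourth fails because the client does present one but the server has no truststore that recognises its issuer, which is the configuration gap the question is asking about.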