This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
The case you mentioned may be exactly the reason why Edge trusts all by
default. Any other default behavior would cause a downtime, eg: if
target cert changes from Godaddy signed to self signed, what do you
think Apigee should do for you NOT to have ...
I agree this should be documented.In this case, security is 100% in
user's hand. Users that are most security conscious will use TrustStore
to only trust their internal CA or their target cert, other may use
TrustStore to trust some commercial CAs, y...
Currently, if you don't define a TrustStore in SSLInfo, MP will trust
the target cert, whether expired or not, whether self signed or
commercially signed.