
Has anyone validated client certificates in Edge? Client to Apigee Flow


Hi - I am looking to the community to see what the best/easiest way to validate client certificates (Client to Apigee) is, if it's possible, and any experience notes anyone might have on this.

Note: I'm talking about doing this inside a proxy w/o having to write a custom callout (or maybe that's the way to do it?)

1 ACCEPTED SOLUTION

Hi @Benjamin Goldman,

I see, I was jumping ahead. This can be done in the VirtualHost (and the cURL above would come after for sanity check).

Cloud customers currently need to submit a Support ticket; OPDK customers can do this per the Ops guide. The VirtualHost would be configured something like the following. In this example, the keystore contains the server cert and private key, and the truststore contains the client certificate(s) (NO private key).

{
  "VirtualHost": {
    "-name": "twowayssl",
    "HostAliases": { "HostAlias": "api.example.com" },
    "Port": "8443",
    "SSLInfo": {
      "ClientAuthEnabled": "true",
      "Enabled": "true",
      "IgnoreValidationErrors": "false",
      "KeyAlias": "keyalias",
      "KeyStore": "keystore",
      "Protocols": { "Protocol": "TLSv1" },
      "TrustStore": "truststore"
    }
  }
}

Does this help?
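
An added example, not part of the original reply and not Apigee tooling: a small Python check that audits a VirtualHost definition in the JSON shape shown above for the settings that two-way TLS depends on. The function names and the legacy-protocol list are assumptions of this example; the sample input is the configuration from the reply.

```python
import json

# Assumption of this example: versions treated as legacy (TLS 1.0/1.1 are deprecated by RFC 8996).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def as_list(value):
    """XML-derived JSON holds one element as a bare string, several as a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_virtualhost(doc):
    """Return findings for a VirtualHost that is meant to require client certificates."""
    ssl = (doc.get("VirtualHost") or {}).get("SSLInfo") or {}
    findings = []

    def flag(key):
        # Values are strings ("true"/"false") in this representation.
        return str(ssl.get(key, "")).strip().lower()

    if flag("Enabled") != "true":
        findings.append("Enabled is not true: TLS is off for this host")
    if flag("ClientAuthEnabled") != "true":
        findings.append("ClientAuthEnabled is not true: no client certificate is required")
    if flag("IgnoreValidationErrors") == "true":
        findings.append("IgnoreValidationErrors is true: certificate errors are ignored")
    if not ssl.get("TrustStore"):
        findings.append("TrustStore is missing: no trusted client certificates to check against")
    if not ssl.get("KeyStore") or not ssl.get("KeyAlias"):
        findings.append("KeyStore/KeyAlias missing: no server certificate and key selected")
    protocols = ssl.get("Protocols")
    for proto in as_list(protocols.get("Protocol") if isinstance(protocols, dict) else protocols):
        if proto in LEGACY_PROTOCOLS:
            findings.append(f"Protocol {proto} is a legacy TLS/SSL version")
    return findings

# The VirtualHost from the reply above, reproduced as input.
PAGE_CONFIG = json.loads("""
{"VirtualHost": {"-name": "twowayssl",
  "HostAliases": {"HostAlias": "api.example.com"}, "Port": "8443",
  "SSLInfo": {"ClientAuthEnabled": "true", "Enabled": "true",
    "IgnoreValidationErrors": "false", "KeyAlias": "keyalias",
    "KeyStore": "keystore", "Protocols": {"Protocol": "TLSv1"},
    "TrustStore": "truststore"}}}
""")

if __name__ == "__main__":
    for finding in audit_virtualhost(PAGE_CONFIG):
        print("FINDING:", finding)
```

Run against the configuration above, the only finding is the `TLSv1` protocol entry; the client-authentication settings themselves pass.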
