Hello,
I am wondering if it's possible to have two virtual hosts in the same org+env with the same alias and port for the below use case.
I would like to set one proxy for two-way TLS and a second proxy for one-way SSL on the same alias and port.
I have read the following post by @Dino
https://community.apigee.com/questions/36406/2-way-tls-between-tls-client-and-edge.html
but it did not work for me as expected.
I tried the following to create two virtual hosts:
First one, "secure":

    {
        "name": "secure",
        "hostAliases": ["myorg-main.apigee.net"],
        "port": "443",
        "sSLInfo": {
            "clientAuthEnabled": "false",
            "enabled": "true",
            "ignoreValidationErrors": false,
            "keyAlias": "freetrial",
            "keyStore": "freetrial",
            "protocols": []
        }
    }

Second one, "twoWayTLS":

    {
        "name": "twoWayTLS",
        "hostAliases": ["myorg-main.apigee.net"],
        "port": "443",
        "sSLInfo": {
            "clientAuthEnabled": "true",
            "enabled": "true",
            "ignoreValidationErrors": false,
            "keyAlias": "freetrial",
            "keyStore": "freetrial",
            "trustStore": "ref://rootTrustStore",
            "protocols": []
        }
    }

I have created a trust store, uploaded the root certificate to the trust store, created references, and created two proxies.
1. proxy1 with basepath "/oneway" with vhost "secure"
2. proxy2 with basepath "/twoway" with vhost "twoWayTLS"
My expectations:
1. client calling without certificate to proxy1 should go through.
i.e. https://myorg-main.apigee.net/oneway
2. client calling with valid certificate to proxy2 should go through
i.e. https://myorg-main.apigee.net/twoway
3. client calling without certificate/invalid certificate to proxy2 should fail.
i.e. https://myorg-main.apigee.net/twoway
But all the calls to both proxies are passing.
If I remove vhost "secure" and make an API call to proxy2 without a certificate or with an invalid certificate, it fails. And with a valid certificate it passes. So I know that proxy2 is working as expected when there is only one virtual host, i.e. "twoWayTLS".
Am I missing something?
Thanks,