Dear Team,
We have a requirement for mTLS on APIGEE private cloud 4.50.
The service is protected by mutual TLS for outbound connections to an external organization. Below are the steps that, as I understand, are required.
Do we have step-by-step documentation, as this must be a common scenario?
Regards
SM
My understanding of your setup is as follows:
Can you confirm this is the desired configuration? If so, please elaborate on why a CSR process is needed - usually, the external provider at the target would provide you with a client key and certificate to load into a keystore at Apigee for use in mTLS configuration.
If your team is also maintaining the target service and wishes to generate a CSR and private key to provide to a signing authority in order to obtain this certificate, most signing authorities have tutorials and even wizards for this. You can use openssl, Java keytool, etc. SSL Shopper has this handy guide for using OpenSSL to generate a CSR and private key.
Here the client key is generated at the Apigee end and provided to the external provider at the target to be signed by their own CA.
That's the reason. Hope it's clarified.
Thanks for clarifying. The link from sslshopper with the openssl steps to generate a CSR and key would be a good starting point.
Work with your internal PKI group (public key infra) for certificate provisioning; they can guide you through the CSR process. Follow the link below to enable 2-way SSL from Apigee to the backend service.
https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service
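The flow discussed in this thread (private key and CSR generated on the Apigee side, CSR signed by the provider's CA, certificate then loaded into a keystore), as an added example that is not part of any post or of the Apigee documentation. A throwaway local CA stands in for the provider's CA, every subject and file name is a constructed placeholder, and the last two functions are checks to run on the returned certificate before it goes into a keystore.

```shell
#!/usr/bin/env bash
# Added example. Every subject name and file below is a constructed placeholder.
set -eu
WORK="$(mktemp -d)"

cat > "$WORK/openssl.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = client_dn
[client_dn]
O = Example Org
CN = apigee-client.example.com
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[client_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF

# Apigee side: generate the private key and CSR. Only client.csr is sent out.
make_client_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
  chmod 600 "$WORK/client.key"
}

# Stand-in for the provider's CA (constructed); in practice they return client.crt.
sign_with_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/openssl.cnf" \
    -subj "/O=Example Provider/CN=Example Provider Test CA" -extensions ca_ext \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$WORK/openssl.cnf" \
    -extensions client_ext -out "$WORK/client.crt" 2>/dev/null
}

# Checks to run on the returned certificate before loading it into a keystore.
cert_matches_key() {  # same public key in the cert and in our private key?
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
chain_verifies() {    # does the cert chain to the CA, for client authentication?
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

make_client_csr
sign_with_test_ca
cert_matches_key "$WORK/client.crt" "$WORK/client.key" && echo "cert matches key"
chain_verifies "$WORK/ca.crt" "$WORK/client.crt" && echo "chain verifies for clientAuth"
```

A certificate that fails either check will not work as the client identity for the outbound mTLS connection, so it is worth catching before the keystore upload.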
I was expecting this to be performed via the user interface provided for on-premise customers for the key store.
Menu -- admin -- TLS certificates
Any comments / suggestions?
Not sure what the thought process is in general (if you are comparing with some other products :)). You need to procure the certs (internally / externally), then you can just follow the instructions from the docs to upload the certs and set up mutual TLS.
Just FYI: Good read https://docs.apigee.com/api-platform/system-administration/about-ssl