
mTLS requirement

Dear Team,

We have a requirement for mTLS on APIGEE private cloud 4.50.

  • Producer of the service is an external organization.
  • Consumer is APIGEE on-premise 4.50

The service is protected by mutual TLS for outbound connections to the external organization. Below are the steps that, as I understand it, are required.

  1. APIGEE needs to create a CSR and send it to the external organization.
  2. The CSR will be signed by the external organization.
  3. It needs to be installed on APIGEE (for outbound connections to the external organization).
  4. After signing by the external organization, the certificate is to be updated in APIGEE.

Do we have step-by-step documentation, as this must be a common scenario?

Regards

SM

1 ACCEPTED SOLUTION

My understanding of your setup is as follows:

  • Client is Apigee Private Cloud 4.50.00
  • External service requires 2-way/mTLS connection
  • As such, Apigee Message Processors will need to store the client key and certificate in a keystore and send this to the target service, which would need to verify the same in order to establish a TLS connection

Can you confirm this is the desired configuration? If so, please elaborate on why a CSR process is needed - usually, the external provider at the target would provide you with a client key and certificate to load into a keystore at Apigee for use in mTLS configuration.
If your team is also maintaining the target service and wishes to generate a CSR and private key to provide to a signing authority in order to obtain this certificate, most signing authorities have tutorials and even wizards for this. You can use OpenSSL, Java keytool, etc. SSL Shopper has this handy guide for using OpenSSL to generate a CSR and private key.

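The CSR flow discussed in the question and the accepted answer, sketched with OpenSSL as an added example (not part of the original thread and not Apigee's own tooling): it generates the key and CSR, then checks the returned certificate against the private key and the signer's CA before anything is loaded into a keystore. The file names, the subject DN, and the throwaway CA that stands in for the external organization are assumptions.

```shell
#!/bin/sh
# Added example. File names and subject DN are placeholders.

# Create a 2048-bit RSA key and a CSR for the client identity.
# Only the CSR is sent out; the private key stays on this host.
make_csr() {   # make_csr <key-out> <csr-out> <subject-dn>
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1" -out "$2" -subj "$3" ) >/dev/null 2>&1
}

# Succeeds only if the returned certificate carries the public key
# that belongs to our private key.
key_matches_cert() {   # key_matches_cert <key> <cert>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the certificate chains to the signer's CA certificate.
cert_chains_to() {   # cert_chains_to <ca-cert> <cert>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed stand-in for the external organization's signing step, so the
# checks above can be exercised offline: a throwaway CA signs the CSR.
sign_with_test_ca() {   # sign_with_test_ca <csr> <cert-out> <workdir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$3/ca.key" -out "$3/ca.pem" \
        -subj "/CN=Constructed Test CA" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1" -CA "$3/ca.pem" -CAkey "$3/ca.key" \
        -CAcreateserial -days 1 -out "$2" >/dev/null 2>&1
}
```

In a real exchange `sign_with_test_ca` is replaced by the external organization returning the signed certificate and its CA chain; the two checks then catch a certificate issued for the wrong key or by an unexpected issuer.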

6 REPLIES 6