2way TLS with p12 in truststore

anonymous · December 17, 2019, 4:17pm

We have a P12 provided by target service owner which needs to be presented for a successful 2 way TLS handshake. I see TLS handshake fails when API proxy communicates with target service (via target server) when the same P12 truststore (cert and key pair) is referenced in both keystore and truststore. However, the same works when the cert is exported from P12 and references in truststore.

Did any one experience this behavior and can throw some light on this behavior?

Doesn’t Work:

{ “host” : “Host.com”, “isEnabled” : true, “name” : “TS_2WayTLS”, “port” : 443, “sSLInfo” : { “enabled” : “true”, “ignoreValidationErrors” : false, “clientAuthEnabled” : “true”, “keyAlias” : “P12Alias”, “keyStore” : “ref://P12storeRef”, “trustStore” : “ref://P12storeRef” } }

Works:

{ “host” : “Host.com”, “isEnabled” : true, “name” : “TS_2WayTLS”, “port” : 443, “sSLInfo” : { “enabled” : “true”, “ignoreValidationErrors” : false, “clientAuthEnabled” : “true”, “keyAlias” : “P12Alias”, “keyStore” : “ref://P12storeRef”, “trustStore” : “ref://P12CertRef” } }

Thanks, Ram

dchiesa1 · December 17, 2019, 11:57pm

GREAT, I’m glad you found a solution. Thanks for your experience. Surely this will help others, too.

Dealing with the various formats of TLS keys and certs can be tricky. I myself prefer to use the .PEM formats for everything; I find them easier to handle, examine, and so on.

Topic		Replies	Views
Invalid Trust Store \| Target \| 2 way SSL Apigee api-runtime	6	9	October 7, 2019
How to configure client-side SSL between apigee edge and backend? Apigee api-runtime	20	98	October 20, 2016
Can't configure Mutual SSL to target server - unexpected Handshake Failure Apigee api-runtime	4	8	September 16, 2016

2way TLS with p12 in truststore

AI Suggested topics