Hi All,
what is difference between below two approach for MTLS (between apigee and target server)
It’s a matter of what you find to be more readable and maintainable.
If you are not using TargetServers then… you need tht SsLInfo to be in the HTTPTargetConnection.
If you ARE using TargetServers, and each one is different, it’s usually better to specify the TLS configuration for each TargetServer. Keep the configuration close to the thing that relies on it. The SSLInfo in the TargetEndpoint will act as a fallback.
If you are using TargetServers and the TLS for each one is the same, then… it probably makes sense to not duplicate the SSLInfo config. Specifying it once in the TargetEndpoint might make sense. There is still a potential for duplication though - if you are using these TargetServers in multiple proxies, then… you’d need to specify the SSLInfo in multiple proxies.
Remember the TLS settings within SSLInfo can reference variables, so you could have the TLS configuration (SSLInfo) in the TargetEndpoint driven by dynamically-determined context variables. That’s really powerful.
Remember though, in a load-balanced environment, you can’t know which TargetServer is selected until after the selection.
Thanks @DChiesa2023 for clear shot explanation. Doubts cleared…
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.