Hi,
I wanted to know how Apigee validates the client cert. We got a cert from our client; they have kept cn=n/a and san=rk@gmail.com.
Would it work, or can the SSL handshake fail because of the CN?
Also, is there any further info on which fields are compared by Apigee?
Apigee validates the inbound certificate based on the Trust Store you configure.
For northbound (inbound wrt Apigee) TLS, Apigee doesn’t validate or check the details in the cert, such as the CN or SAN. Rather, Apigee checks:
- that the client cert has been signed by a trusted CA (one with a cert in the Trust Store)
- that the validity dates on the client cert (the not-before and expiry) are good
If either of those checks fail, then the inbound request will simply be rejected. If those checks pass, then the inbound request will be handed to your API Proxy.
In that latter case, you can configure your API proxy to examine, at that point, the information provided within the client cert, and then optionally make authorization or service decisions based on that information. For example, your proxy can examine the DN and perform routing based on the OU, or authorization based on the CN, or enforce a binding between an OAuth token and a certificate serial number. Lots of options here. But these checks are optional, and are performed after the TLS handshake, within the API Proxy.
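The two-stage model in the answer above, as an added example that is not part of the original post and is not Apigee's own code: a small POSIX shell script that builds a throwaway CA and a client certificate with CN=n/a and an email SAN (the question's case), shows that the trust-store checks alone (chain to a trusted CA, validity window) accept that cert regardless of its CN and reject it when the CA is unrelated or the date is outside the window, and then applies the kind of field-based policy a proxy might add after the handshake. The CA names, the serial 0x1A2B, the OU value and the allow rule are all made up for the illustration; the only dependency is openssl.

```shell
#!/bin/sh
# Added example, not Apigee code: emulate the two checks a trust-store-based
# mTLS listener performs on a client cert (chain to a trusted CA, validity
# window), then the optional field-level checks an API proxy might add after
# the handshake. All certificates are constructed locally; requires openssl.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Build a trusted CA, an unrelated CA, and a client cert signed by the trusted
# CA whose subject CN is literally "n/a" and whose identity lives in an
# rfc822Name SAN (the situation in the question). Serial is fixed for the demo.
make_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj '/CN=Trusted Test CA' \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj '/CN=Unrelated CA' \
    -keyout "$WORK/other.key" -out "$WORK/other.pem" >/dev/null 2>&1
  # '\/' keeps the slash inside the CN instead of starting a new RDN.
  openssl req -new -newkey rsa:2048 -nodes -subj '/O=ExampleCorp/OU=billing/CN=n\/a' \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" >/dev/null 2>&1
  printf 'subjectAltName=email:rk@gmail.com\n' > "$WORK/san.cnf"
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -set_serial 0x1A2B -days 30 -extfile "$WORK/san.cnf" \
    -out "$WORK/client.pem" >/dev/null 2>&1
}

# What the TLS listener decides: does the cert chain to a CA in the trust store
# ($1) and is it inside its notBefore/notAfter window at time $3 (epoch seconds,
# default now)? Nothing about CN or SAN is consulted here. Prints accept/reject.
tls_gate() {
  ca="$1"; cert="$2"; at="${3:-}"
  if [ -n "$at" ]; then
    openssl verify -CAfile "$ca" -attime "$at" "$cert" >/dev/null 2>&1 && echo accept || echo reject
  else
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 && echo accept || echo reject
  fi
}

# Fields a proxy could read from the presented cert once the handshake is done.
# Pulled from the PEM with openssl here; subject is rendered in RFC 2253 form.
cert_field() {
  case "$2" in
    subject) openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//' ;;
    serial)  openssl x509 -in "$1" -noout -serial | sed 's/^serial=//' ;;
    san)     openssl x509 -in "$1" -noout -text \
               | grep -A1 'Subject Alternative Name' | tail -n1 | sed 's/^ *//' ;;
  esac
}

# Illustrative post-handshake policy (made up for this example): the CN is never
# looked at; the decision keys off the OU, an allow-listed serial, and the SAN.
authorize() {
  subj=$(cert_field "$1" subject)
  serial=$(cert_field "$1" serial)
  san=$(cert_field "$1" san)
  case "$subj" in *OU=billing*) ;; *) echo "deny: OU"; return 0 ;; esac
  case "$serial" in 1A2B) ;; *) echo "deny: serial"; return 0 ;; esac
  case "$san" in email:*@*) echo "allow: $san" ;; *) echo "deny: no email SAN" ;; esac
}

make_certs
now=$(date +%s)
echo "trusted CA, in window:     $(tls_gate "$WORK/ca.pem" "$WORK/client.pem")"
echo "unrelated CA:              $(tls_gate "$WORK/other.pem" "$WORK/client.pem")"
echo "trusted CA, 40 days later: $(tls_gate "$WORK/ca.pem" "$WORK/client.pem" $((now + 40*86400)))"
echo "subject seen by proxy:     $(cert_field "$WORK/client.pem" subject)"
echo "proxy decision:            $(authorize "$WORK/client.pem")"
```

Run it with `sh` (set `WORK=/some/dir` to keep the generated files). The first line of output is "accept" even though the CN is "n/a", which is the answer's point: the handshake only cares that the cert chains to the trust store and is in date. Anything CN-, OU-, serial- or SAN-based is a separate decision that only exists if you write it into the proxy, as `authorize` does here.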