Self-signed cert (north bound) again

anonymous · October 9, 2020, 3:30pm

Can’t get mTLS from client to Edge to work anymore with only only self-signed cert(s) in the Truststore: “400 No required SSL certificate was sent”.

Experience this both on-prem (4.19.01) and SAAS version.

Did work on-prem (version 4.17 or was it version 4.18?) as described in my question from 2 yrs ago.

This doc contains remark at the top that self-signed cert is no longer allowed/supported, but remains unclear as it later continues about upload of self-signed certs.

Q1: is it no longer supported to only import self-signed certs into a Truststore to establish trust?

Q2: authentication of mTLS clients should always be done within proxy leveraging the tls.client.* variables?

anonymous · October 9, 2020, 4:33pm

First of all I would say self signed certificate should not be used for business purpose. You could use that only for testing.

We normally use CA provided certificate. And you should not rely on self signed certificate. Apigee can revoke those at any point of time.

dchiesa1 · June 3, 2021, 8:27pm

I would say self signed certificate should not be used for business purpose. You could use that only for testing.

This is not true.

Topic		Replies	Views
Self signed cert for 2-way SSL Apigee api-runtime	4	14	August 10, 2017
Mutual TLS Certificate Error When Single Signed Cert in Truststore Apigee api-runtime	1	12	March 31, 2020
Two Way ssl certificate Apigee api-runtime	6	13	June 21, 2018

Self-signed cert (north bound) again

AI Suggested topics