Hi
Could you please guide me if i need to setup 2 way ssl and validate client based on trust store , how to configure a proxy.
We are trying to configure a API proxy to our services
Thanks
Bhanu
@Sean Davis Could you please help on this
- To setup a 2 way SSL between client and Edge, you need to create a virtual host with SSLInfo Section
a) Having ClientAuthEnabled flag set to true
b) With Keystore and Truststore created with appropriate certificates and private key (only for Keystore)
A sample Virtual Host would look something like this:
<VirtualHost name="TwoWaySecureVH">
<HostAliases>
<HostAlias>apiTLS.myCompany.com</HostAlias>
</HostAliases>
<Interfaces/>
<Port>443</Port>
<SSLInfo>
<Enabled>true</Enabled>
<ClientAuthEnabled>false</ClientAuthEnabled>
<KeyStore>ref://keystoreref</KeyStore>
<KeyAlias>myKeyAlias</KeyAlias>
<TrustStore>ref://truststoreref</TrustStore>
</SSLInfo>
</VirtualHost>
This will allow you to validate the client’s certificate with the certificate stored in the Truststore in Edge.
- Within the API Proxy (ies) in which you want to use 2 way SSL, use this Virtual Host in the Proxy Endpoint as follows:
<ProxyEndpoint name='default'>
<HTTPProxyConnection>
<BasePath>/myproxy</BasePath>
<Properties/>
<!-- specify the name of the vhost here -->
<VirtualHost>TwoWaySecureVH</VirtualHost>
</HTTPProxyConnection>
...
Please refer to the following docs and community links for more information on configuring TLS (1 way/2 way) for API proxies:
2 way TLS between TLS client and Edge
Regards,
Amar