Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In contrast to the usual one-way SSL authentication where a client verifies the identity of the server, in mutual SSL the server validates the identity of the client so that both parties trust each other. This builds a system that has a very tight security and avoids any requests made to the client to provide the username/password, as long as the server is aware of the certificates that belong to the client. 

...

  1. Create an API.
  2. Edit the API and navigate to the Manage tab.
  3. Select Mutual SSL under API Security.

    Info

    You can select both OAuth2 and Mutual SSL options. This means that the user can access the API using a valid OAuth2 token or using a valid client certificate.

  4. Click Manage Certificates to upload a new client certificate. Select Add New Certificate.


    Insert excerpt
    Dynamic SSL Certificate Installation
    Dynamic SSL Certificate Installation
    nopaneltrue

    Info

    After configuring, the certificate will be added to the Gateway nodes which are defined under the Environments in api-manager.xml. In a clustered setup, as gateway configurations are identical, sync the <API-M_HOME>/repository/resources/security/sslprofileslistenerprofiles.xml and <API-M_HOME>/repository/resources/security/client-truststore.jks among the gateway nodes. After the configured interval, the synapse transport will be reloaded in all the gateway nodes.

  5. Provide an alias and public certificate. Select the tier that should be used to throttle out the calls using this particular client certificate and click Upload.
  6. Save and Publish the API

...