In the usual one-way SSL authentication only the client verifies the identity of the server. In mutual SSL the server also validates the identity of the client, so both parties authenticate each other. This gives a much tighter trust model and removes the need to prompt the client for a username/password, provided the server already holds (trusts) the certificate that belongs to the client.
...
- Create an API.
- Edit the API and navigate to the Manage tab.
- Select Mutual SSL under API Security.
  Info: You can select both OAuth2 and Mutual SSL. This means that either credential is sufficient on its own: a request is accepted with a valid OAuth2 token or with a valid client certificate, so selecting both does not require a caller to present both.
- Click Manage Certificates to upload a new client certificate. Select Add New Certificate.
  Info: After configuring, the certificate is added to the Gateway nodes that are defined under the Environments in `api-manager.xml`. In a clustered setup, as the gateway configurations are identical, sync `<API-M_HOME>/repository/resources/security/listenerprofiles.xml` and `<API-M_HOME>/repository/resources/security/client-truststore.jks` among the gateway nodes. After the configured interval, the Synapse transport is reloaded on all the gateway nodes.
- Provide an alias and the public certificate. Select the tier that should be used to throttle calls made with this particular client certificate and click Upload.
- Save and Publish the API.
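As an added example (not part of the WSO2 documentation or product), the client-side steps that go with the procedure above, written for a POSIX shell: generate a client key pair and self-signed certificate with openssl, export the public certificate that gets uploaded under Manage Certificates, print its SHA-256 fingerprint so it can be compared with `keytool -list -v` on `client-truststore.jks` on each gateway node, and invoke the published API with curl presenting that certificate. The gateway URL and port, the `GATEWAY_CA` variable, the `client-cert` directory, the API path and the certificate subject are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not WSO2 code: client-side steps that go with the
# "Manage Certificates" upload.  Hostnames, paths and names are assumptions.
set -eu

# Generate an RSA key and a self-signed client certificate into directory $1.
# Only client.crt (the public certificate) is uploaded to the API Manager;
# client.key never leaves the caller.  Prints the path of client.crt.
make_client_cert() {
    dir="$1"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=example-client/O=Example" \
        -keyout "$dir/client.key" -out "$dir/client.crt" >/dev/null 2>&1
    chmod 600 "$dir/client.key"
    printf '%s\n' "$dir/client.crt"
}

# Subject CN of a PEM certificate (handles both "CN = x" and "/CN=x" output).
cert_cn() {
    openssl x509 -in "$1" -noout -subject |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Colon-separated SHA-256 fingerprint of a PEM certificate.  Compare it with
#   keytool -list -v -keystore client-truststore.jks -alias <alias>
# on every gateway node to confirm the upload was synced to all of them.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Call the API presenting the client certificate.
#   $1 gateway base URL (assumed https://gateway.example.com:8243)
#   $2 directory written by make_client_cert
#   $3 API context/version/resource path
# --cacert pins the gateway certificate (assumed file gateway-ca.crt or
# $GATEWAY_CA); do not replace it with -k, that drops server authentication.
invoke_api() {
    gateway="$1"; dir="$2"; path="$3"
    curl --silent --show-error --fail \
        --cert "$dir/client.crt" --key "$dir/client.key" \
        --cacert "${GATEWAY_CA:-$dir/gateway-ca.crt}" \
        -H 'Accept: application/json' \
        "$gateway$path"
}

# Usage:
#   sh mtls-client.sh gen ./client-cert
#   sh mtls-client.sh call https://gateway.example.com:8243 ./client-cert /pizzashack/1.0.0/menu
case "${1:-}" in
    gen)  crt=$(make_client_cert "${2:-./client-cert}")
          echo "upload $crt under Manage Certificates; SHA-256 $(cert_sha256 "$crt")" ;;
    call) invoke_api "${2:?gateway url}" "${3:?cert dir}" "${4:?api path}" ;;
    *)    ;;   # no arguments: only define the functions (sourced or tested)
esac
```

Run `gen` first, upload the printed `client.crt` with an alias and tier, Save and Publish the API, then run `call`; a request without `--cert`/`--key` should be rejected unless OAuth2 is also enabled and a valid token is sent, which is the behaviour the Info note above describes.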
...