Layer7 API Management

  • 1.  Mutual TLS between Api Gateway and Client

    Posted Jan 25, 2018 05:19 PM

    Regards,

    Can you please help me with a tutorial to configure mutual TLS communication between the gateway (as a server) and the client through certificates?

    I am creating a self-signed certificate on the client and importing it into the gateway. Then I export the gateway certificate and import it into the client.
    Then I create a user in the FIP with the same CN as the imported certificate. I enable port 9443 with client authentication set to mandatory. I add the assertion "Require SSL or TLS Transport with Client Authentication" and then "Authenticate Against Identity Provider".

    After the previous steps, the gateway is allowing requests from clients that do not have the certificates installed and should not be authorized.

    I'm doing the tests with Postman.

    I appreciate your help.



  • 2.  Re: Mutual TLS between Api Gateway and Client

    Broadcom Employee
    Posted Feb 01, 2018 05:54 PM

    Can you please provide a snippet/screenshot of your policy showing the authentication assertions that you are using?



  • 3.  Re: Mutual TLS between Api Gateway and Client
    Best Answer

    Broadcom Employee
    Posted Feb 01, 2018 05:58 PM

    Also see the following post: Configuring mutual ssl

    Wesley.