Mutual SSL flow and support in Mashery Local
Article ID: KB0080051
Updated On:
| Products | Versions |
|---|---|
| TIBCO Cloud API Management - Local Edition | - |
Description
Mutual SSL flow and support in Mashery Local:
Client --(HTTPS 1)-->F5 LB --(HTTPS 2)--> ML instance --(HTTPS 3)--> Backend Service
Resolution
Client --(HTTPS 1)-->F5 LB --(HTTPS 2)--> ML instance --(HTTPS 3)--> Backend Service
In the above flow:
- HTTPS 1 is achieved between Client and the Load Balancer (F5) by appropriately configuring load balancer. This is outside the purview of Mashery Local. If mutual SSL is desired in this interaction, load balancer can be configured with the appropriate Identity and Trust settings:
https://www.f5.com/solutions/application-security/web-app-and-api-protection
https://www.f5.com/solutions/application-security/web-app-and-api-protection
- HTTPS 2 configuration is referred in the ML documentation as HTTPS Server feature:
- https://docs.tibco.com/pub/mash-local/4.4.0/doc/html/ova/GUID-68C5179C-8134-4E46-AA05-330640A5D8D5.html -> Documentation
- If the Load Balancer (F5) and the ML instance are in the customer's network, mutual SSL is typically not needed, Mashery Local is not added support for it in the HTTPS server feature.
- HTTPS 3 configuration is referred in the ML documentation as HTTPS Client (Mutual SSL ) feature:
- https://docs.tibco.com/pub/mash-local/4.4.0/doc/html/ova/GUID-BE62769D-262E-41CD-8A74-02394F6308F6.html ->Documentation
- This call typically goes across networks, we support mutual SSL settings by configuring an HTTPS Client profile with Identity and Trust settings, and associating the profile with the endpoint configuration. Our documentation above covers all the required configuration.
Issue/Introduction
Current Mutual SSL flow and support in Mashery Local
Feedback
Yes
No
Powered by
