Layer7 API Management

Expand all | Collapse all

API gateway acting as a client in mutual SSL

  • 1.  API gateway acting as a client in mutual SSL

    Posted 02-22-2017 09:03 PM

    We have a policy end point in which we route to a backend end point that requires client certificate to be presented by the gateway ( acting as a client here ) . In the routing assertion , I picked the private key that is needed for the gateway to authenticate itself to the backend end point. However the backend end point team states that the API gateway is not presenting the certificate when asked for it, basically there is a redirect to a location on the backend server and even though the follow redirect option is checked on the routing assertion, the routing returns a 302 and is not presenting the certificate to the backend server.

     

    What am I missing here on the routing assertion ? Apart from pointing to the private key and following redirects , is there any other setting on the routing assertion that has to be enabled/disabled to present the client certificate to the backend server requesting the client certificate from the api gateway ?



  • 2.  Re: API gateway acting as a client in mutual SSL

    Posted 04-21-2017 05:41 PM

    Good afternoon,

     

    The main reason I have seen this interaction fail is due to the back end not presenting a CA trust chain that includes the certificate that we are trying to use as the private key. Have you been able to run a network trace between the gateway and the backend to see how the SSL handshake is working?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support