HTTPS Configuration Overview

Non-mutual HTTPS

Message flow:

Client --(HTTPS 1)--> Customer Load Balancer --(HTTPS 2)--> TIBCO Cloud™ API Management - Local Edition instance --(HTTPS 3)--> Backend Service

In the above flow:

  1. HTTPS 1 is achieved between the Client and the Customer Load Balancer by appropriately configuring the Load Balancer. This is outside the scope of API Management - Local Edition.
  2. HTTPS 2 configuration is what we refer to as the HTTPS Server feature. Since the Load Balancer and the Local Edition instance are in the customer's network, mutual SSL is currently not supported in the HTTPS server feature.
  3. HTTPS 3 configuration is what we refer to as the HTTPS Client feature. Since this call typically goes across networks, we support mutual SSL settings by configuring an HTTPS Client profile with Identity and Trust settings, and associating the profile with the endpoint configuration. The required configuration is documented in this section.

Mutual HTTPS

Local Edition can be configured for mutual HTTPS authentication (server side). To accomplish this, you deploy a completely separate Local Edition cluster with mutual HTTPS authentication enabled on it.

  • In tethered mode, this separate Local Edition cluster syncs with a separate area in which all APIs to be protected by mutual HTTPS authentication are created.
  • In untethered mode, you author all APIs to be protected by mutual HTTPS authentication using Configuration Manager. All of these APIs are confined to this separate Local Edition cluster.