HTTPS Configuration Overview

Non-mutual HTTPS

Message flow:

Client --(HTTPS 1)--> Customer Load Balancer --(HTTPS 2)--> Mashery Local instance --(HTTPS 3)--> Backend Service

In the above flow:

  1. HTTPS 1 is achieved between the Client and the Customer Load Balancer by appropriately configuring the Load Balancer. This is outside the scope of Mashery Local.
  2. HTTPS 2 configuration is what we refer to as the HTTPS Server feature. Because the Load Balancer and the Mashery Local instance are both in the customer's network, mutual SSL is currently not supported in the HTTPS Server feature.
  3. HTTPS 3 configuration is what we refer to as the HTTPS Client feature. Because this call typically goes across networks, we support mutual SSL settings by configuring an HTTPS Client profile with Identity and Trust settings, and associating the profile with the endpoint configuration. The required configuration is documented in this section.
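
A pre-deployment check for the Identity and Trust material behind hop HTTPS 3, added here as an example (it is not TIBCO or Mashery Local code). It uses only the `openssl` CLI on throwaway certificates. Every CA and certificate name is a constructed assumption, and nothing in it touches Mashery Local configuration.

```shell
#!/usr/bin/env bash
# Added example. All CA and certificate names are constructed, throwaway values.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA, standing in for one trust anchor.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME: key pair plus a leaf certificate signed by CA.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA CERT: succeeds only if CERT validates against trust anchor CA.
chains_to() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# key_matches NAME: succeeds only if NAME.key is the private key of NAME.pem.
key_matches() {
  [ "$(openssl x509 -in "$WORK/$1.pem" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$WORK/$1.key" -pubout | openssl sha256)" ]
}

make_ca backend-ca   # CA that issued the backend's server certificate (goes in Trust)
make_ca client-ca    # CA the backend accepts for client certificates
make_ca other-ca     # unrelated CA, for the negative case
issue backend-ca backend-svc   # backend server certificate
issue client-ca  ml-identity   # certificate + key used as the profile Identity
issue other-ca   stray         # certificate nobody in this flow should trust

check() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
check key_matches ml-identity            # Identity key and certificate pair up
check chains_to client-ca ml-identity    # backend will accept the Identity
check chains_to backend-ca backend-svc   # Trust validates the backend
check chains_to backend-ca stray         # expected FAIL: wrong issuer
```

The last line is expected to report FAIL: a certificate issued by a CA that is not in the trust set must not validate, which is the property the Trust setting enforces on this hop.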

Mutual HTTPS

Mashery Local can be configured for mutual HTTPS authentication (server side). To accomplish this, you deploy a completely separate Mashery Local cluster with mutual HTTPS authentication enabled on it.

  • In tethered mode, this separate Mashery Local cluster syncs with a separate area in which all APIs to be protected by mutual HTTPS authentication are created.
  • In untethered mode, you author all APIs to be protected by mutual HTTPS authentication using Configuration Manager. All APIs are confined to this separate Mashery Local cluster.