Explore TLS/SSL configuration options in addition to TCP #7

Open
animeshsingh opened this issue May 18, 2017 · 4 comments

Comments

@animeshsingh

No description provided.

@animeshsingh
Author

animeshsingh commented May 18, 2017

@Tomcli please explore - not a necessity for this journey but can be in a follow-on journey

@Tomcli
Contributor

Tomcli commented May 18, 2017

For TLS/SSL configuration, first you need to enable TLS/SSL connections on your app/server side. Then go to your secure gateway's advanced setup, select TLS and upload your TLS/SSL certificate under the TLS option. Once you have done that, everyone who tries to access the destination will be verified against that certificate.

For TLS Mutual Auth, you also need to provide the certificate for User Authentication.

You can find more details about TLS/SSL configuration from here - https://console.ng.bluemix.net/docs/services/SecureGateway/sg_023.html#sg_011

@timroster
Member

This can be done for Scenario one using API Connect automagically. This integration of API Connect with Secure Gateway creates its own Destination in SG with HTTPS Mutual auth enabled.

Steps outlined here https://console.ng.bluemix.net/docs/services/apiconnect/apic_006.html#apic_sg_con .

To get it to work, need to stop using 127.0.0.1 and switch to localhost (that matches identity in the self-signed certificate in liberty). Also, needed to pull the self-signed certificate from the liberty container and upload to the API Connect created destination in the On-Premises Authentication panel. There's an up to 15 minute delay for the TLS profile to become active in API Connect; until that finishes the app will throw nondescript 500's when accessing the API from the developer portal.
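The 127.0.0.1 versus localhost point above comes down to how a TLS client matches the destination address against the names in the certificate. The sketch below is an added example, not code from this thread or the project; the certificate dict is constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and its `localhost` names are an assumption about the Liberty self-signed certificate.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the "localhost" identity is an assumption about the Liberty self-signed cert.
LIBERTY_CERT = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "localhost"),),
}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_covers(cert, host):
    """Return (ok, reason): does `cert` identify the destination `host`?"""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP destination is compared only with iPAddress SAN entries,
        # never with DNS names or the subject CN.
        want = ipaddress.ip_address(host)
        ips = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v) == want for v in ips):
            return True, "matched IP Address SAN"
        return False, "no IP Address SAN for %s" % host
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        ok = any(_dns_match(v, host) for v in dns)
        return ok, "matched DNS SAN" if ok else "no DNS SAN for %s" % host
    # Legacy fallback: the CN is consulted only when the cert has no DNS SAN.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    ok = any(_dns_match(v, host) for v in cns)
    return ok, "matched subject CN" if ok else "no name for %s" % host

if __name__ == "__main__":
    for target in ("localhost", "127.0.0.1"):
        print(target, cert_covers(LIBERTY_CERT, target))
```

A certificate meant to be reached by IP needs an `IP Address` entry in its subjectAltName; otherwise the destination must be configured with a name the certificate actually carries.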

@animeshsingh
Author

Thanks - we want to keep scenario one generic, and not tie to API connect. Based on all these comments, definitely this can be an addition to the main journey /or content for a follow-on journey.
