-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explore TLS/SSL configuration options in addition to TCP #7
Comments
@Tomcli please explore - not a necessity for this journey but can be in a follow-on journey |
For TLS/SSL configuration, first you need to enable TLS/SSL connection for your app/server side. Then go to your secure gateway's advance setup, select TLS and upload your TLS/SSL certificate under TLS option. Once you done that everyone who try to access the destination will be verified against that certificate. For TLS Mutual Auth, you also need to provide the certificate for User Authentication. You can find more details about TLS/SSL configuration from here - https://console.ng.bluemix.net/docs/services/SecureGateway/sg_023.html#sg_011 |
This can be done for Scenario one using API Connect automagically. This integration of API Connect with Secure Gateway creates its own Destination in SG with HTTPS Mutual auth enabled. Steps outlined here https://console.ng.bluemix.net/docs/services/apiconnect/apic_006.html#apic_sg_con . To get it to work, need to stop using 127.0.0.1 and switch to localhost (that matches identity in the self-signed certificate in liberty. Also, needed to pull the self-signed certificate from the liberty container and upload to the API Connect created destination in the On-Premises Authentication panel. There's an up to 15 minute delay for the TLS profile to become active in API Connect, until that finishes the app will throw nondescript 500's when accessing the API from the developer portal. |
Thanks - we want to keep scenario one generic, and not tie to API connect. Based on all these comments, definitely this can be an addition to the main journey /or content for a follow-on journey. |
No description provided.
The text was updated successfully, but these errors were encountered: