Connect to URL - Client Certificate environmentalize not supported for outbound connection #9
Comments
|
Hi @Mitraa-SP, |
|
Hi @rathnapandi , It doesn't work. |
|
Hi @Mitraa-SP, Not sure, what you have tried - I would like you to check “Configure Outbound request settings” section in https://docs.axway.com/bundle/APIManager_762_APIMgmtGuide_allOS_en_HTML5/page/Content/APIManagementGuideTopics/api_mgmt_virtualize_web.htm. Select Authentication profile as SSL to configure backend mutual auth and use APIM-cli for promoting API to higher environments https://github.com/Axway-API-Management-Plus/apim-cli. |
|
Hi @rathnapandi , |
|
Hi @Mitraa-SP, Custom policy will not work for API Manager backend mutual auth. Backend SSL authentication profile accepts p12 file with certificate and uses the policy "Default SSL-based Routing" (available under Policies -> Generated Polices -> REST API's->Templates) for mutual authentication. As API manager won't accept p12 file for custom policy, we can't use the p12 file in the polices. Can you extend the policy "Default SSL-based Routing" for your use case instead of using a custom routing policy? Thanks |
|
Hi @rathnapandi , This is an existing feature in 7.5.3 and is working. Also working in 7.7 Axway. I am able to import the p12 certificate. Steps to import the certificate + key: Environment Configuration -> Certificates and Keys -> Certificates -> Certificates with Keys tab -> Create/Import button -> Import Certificate + key The p12 certificate is successfully added to Policy studio. Steps to use the above certificate in connect to URL Connect to URL (filter) -> SSL (tab) -> Client Certificate (tab) -> Select the certificate which was imported above. I have this certificate imported and working for non-prod. But for prod it is a different certificate. There is no support to environmentalize this with the current apim-environment-module. Note: Same route policy will be used for both non-prod and prod. The client certificate for outbound connection ('Connect to URL' filter) needs to be environmentalized. This was supported in 7.5.3. |
|
Hi @Mitraa-SP, Objective of this GitHub project is to do environmentalization via operating system or Kubernetes or docker environment variables. Thanks |
|
Hi @rathnapandi , The feature is all working. There is no issue with that. The main reason for me raising this issue is to mention that the apim-env-module needs an enhancement to support environmentalization of the client certificate for outbound connection (Connect to URL filter) like it does for HTTP listener/API Manager Traffic. We are using docker environment. |
|
@Mitraa-SP, I have marked the issue as enhancement. Will add it to next release. |
|
Thanks @rathnapandi , Could you please let me know approx. date on which this will be available. |
|
@Mitraa-SP, Changes are available in https://github.com/Axway-API-Management-Plus/apim-password-cert-env/releases/download/1.1.3/apim-env-module-1.1.3.jar, Refer readme for usage https://github.com/Axway-API-Management-Plus/apim-password-cert-env/blob/connect2urlsslauth/README.md. Do let me know if you see any issues. |
Support API Gateway November release.
Support API Gateway November release #10
Hi,
Found that there is no support to environmentalize client certificate for outbound connection (Connect to URL).
The text was updated successfully, but these errors were encountered: