API Gateway- REST API with two way SSL Configuration

Priyadharshini_Muniyandi2 · October 6, 2019, 6:23pm

Dear All,

We have a requirement to create REST API on webMethods API Gateway (10 x version) with SSL client certificate (.cer format).

The REST API is created, “Identify & Authorize Application” is configured as follows
• Condition: AND
• Application Lookup Condition: Registered applications
• Identification Type: API Key
• Application Lookup Condition: Registered applications
• Identification Type: SSL Certificate
• Allow anonymous: false
The REST API is consumed using an Application and below are the Application properties
• Identifiers: Client certificates (attached the client certificate (.cer format))
• API access key

However while invoking the REST API its failing with “SSL Handshake failure” and the native end point is receiving the request without the SSL certificate in it.
Request you to check and let us know if anyone can help on this.

sedo_sas · October 25, 2019, 10:04am

Hi i have the same issue and i can not find a solution.

Did you resolve your problem?

Thanks

Priyadharshini_Muniyandi2 · October 28, 2019, 6:42am

Hi,

Please follow the below steps, to implement tow way SSL.

Import native application Certificate to truststore of API Gateway
Map the above truststore to the HTTP Listener port of API Gateway
Configure ‘Keystore Alias and Key Alias’ under SSL configuration in the routing policy of the API

Best Regards,
Priyadharshini Muniyandi

sedo_sas · October 28, 2019, 1:01pm

Thank you, I will apply your procedure.

On the other hand, is your procedure as true in my case? I want to do 2-way-ssl in the case where API Gateway day the role of the client: Communication between the gateway API and end points servers. In my case, my endpoint server is not a ESB Integration Server.

as you can see in the screen copy attached to this message.

Thank you very much again.