As I understand, mutual TLS has nothing to do with the place we upload
certs (application and subscription).
If we take mutual SSL enabled SOAP messages, then what we do is get a header
block with the NS URL after checking the cert object. Then from the header block we
get the user name. In mutual SSL, whatever username is sent by the client is
trusted as long as it comes in the proper format and along with the cert.
Similar to that, can't we just let subscribers send that information along
with the certificate?

On the other hand, if we let subscribers upload certs that affect the
gateway, they can simply upload any certificate with host names and override
certificates added by maintainers. Isn't it a problem?

Thanks,
sanjeewa.

On Tue, Nov 17, 2020 at 1:06 PM Dulangi Gamage (Intern) <[email protected]>
wrote:

> Hi All,
>
> *Project Description*
>
> Currently, the API Manager supports mutual TLS at the API level. In the
> current implementation application subscription is not permitted for APIs
> that are only protected with Mutual SSL. Therefore, subscription or
> application-level throttling is not applicable to these types of APIs.
> Hence, now the Mutual TLS support needs to be implemented at the
> application level so that all the applications subscribed to that API will
> have mutual TLS enabled. So my project is to enhance the Mutual TLS support
> to the application level and enhance the application developer portal UI
> to support mutual TLS.
>
> Please refer to the attached Google Doc for more details.
>
> https://drive.google.com/file/d/1tiB2xkuopKGWWYJYEqTlRztfFiCenl19/view?usp=sharing
>
> Your feedback and suggestions are greatly appreciated. Thank You.
>
>
> --
> Dulangi Gamage | Intern | WSO2 Inc.
> (m) +94766697385 | Email: [email protected]
> <http://wso2.com/signature>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Sanjeewa Malalgoda*
Software Architect | Associate Director, Engineering - WSO2 Inc.
(m) +94 712933253 | (e) [email protected] | (b) Blogger
<http://sanjeewamalalgoda.blogspot.com>, Medium
<https://medium.com/@sanjeewa190>

GET INTEGRATION AGILE <https://wso2.com/signature>
Integration Agility for Digitally Driven Business
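
One way to address the override concern raised in the reply above, as an added example that is not part of the original thread and is not WSO2 code: keep maintainer and subscriber certificates in separate namespaces and refuse subscriber uploads that claim a maintainer-reserved host name. The class, method names, host names and certificate bytes are all hypothetical or constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    der: bytes            # raw certificate bytes (constructed placeholders below)
    hostnames: frozenset  # names the cert claims (CN / SAN), assumed already parsed

    @property
    def fingerprint(self):
        return hashlib.sha256(self.der).hexdigest()

class GatewayCertRegistry:
    """Hypothetical store with separate maintainer and subscriber namespaces."""
    def __init__(self):
        self._maintainer = {}  # hostname -> fingerprint, written only by maintainers
        self._subscriber = {}  # fingerprint -> application id

    def add_maintainer_cert(self, cert):
        for host in cert.hostnames:
            self._maintainer[host] = cert.fingerprint

    def add_subscriber_cert(self, app_id, cert):
        # A subscriber upload must never shadow a name a maintainer registered.
        clash = sorted(h for h in cert.hostnames if h in self._maintainer)
        if clash:
            raise PermissionError(f"hostnames reserved by maintainers: {clash}")
        # One certificate identifies exactly one application.
        if self._subscriber.get(cert.fingerprint, app_id) != app_id:
            raise PermissionError("certificate already bound to another application")
        self._subscriber[cert.fingerprint] = app_id

    def application_for(self, presented):
        """Map the cert presented in the handshake to an application, or None."""
        return self._subscriber.get(presented.fingerprint)

    def maintainer_fingerprint(self, host):
        return self._maintainer.get(host)

# Constructed sample certificates (not real X.509 data).
BACKEND = Cert(b"constructed-maintainer-cert", frozenset({"backend.example.com"}))
APP_CERT = Cert(b"constructed-app-cert", frozenset({"client-app-1"}))
COLLIDING = Cert(b"constructed-colliding-cert", frozenset({"backend.example.com"}))

def demo():
    reg = GatewayCertRegistry()
    reg.add_maintainer_cert(BACKEND)
    reg.add_subscriber_cert("app-1", APP_CERT)
    try:
        reg.add_subscriber_cert("app-2", COLLIDING)
        rejected = False
    except PermissionError:
        rejected = True
    return reg, rejected
```

Because the application is looked up from the presented certificate's fingerprint, subscription and application-level throttling can be applied without the subscriber store ever touching maintainer entries.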