SSLInfo
SSL information.
Schema
ciphers | Edge for Private Cloud version 4.15.07 and earlier only. Specifies the ciphers supported by the virtual host. If no ciphers are specified, then all ciphers available for the JVM will be permitted. To restrict ciphers, add the following elements: |
clientAuthEnabled | Flag that specifies whether to enable two-way, or client, TLS between Edge (server) and the app (client) making the request. Enabling two-way TLS requires that you set up a truststore on Edge that contains the cert from the TLS client. |
enabled | Flag that specifies whether to enable one-way TLS/SSL. You must have defined a keystore containing the cert and private key. For Edge for Public Cloud: |
ignoreValidationErrors | Flag that specifies whether to ignore TLS certificate errors. This is similar to the This option is valid when configuring TLS for Target Servers and Target Endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails. |
keyAlias | Alias specified when you uploaded the cert and private key to the keystore. You must specify the alias name literally; you cannot use a reference. See Options for configuring TLS for more. |
keyStore | Name of the keystore on Edge. Apigee recommends that you use a reference to specify the keystore name so that you can change the keystore without having to restart Routers. See Options for configuring TLS for more. |
protocols | Edge for Private Cloud version 4.15.07 and earlier only. Specifies the protocols supported by the virtual host. If no protocols are specified, then all protocols available for the JVM will be permitted. To restrict protocols, add the following elements: |
trustStore | Name of the truststore on Edge that contains the certificate or certificate chain used for two-way TLS. Required if Apigee recommends that you use a reference to specify the truststore name so that you can change the truststore without having to restart Routers. See Options for configuring TLS for more. |
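
The field rules in the table above can be checked mechanically before a virtual host or target configuration is deployed. The following is an added example, not Apigee code: it audits an SSLInfo object, represented as a Python dict keyed by the schema's field names, against only the rules the table states. Assumptions: the `ref://` prefix used to recognize a reference (the page does not show the reference syntax), the function name `audit_sslinfo`, and the constructed sample objects.

```python
REF_PREFIX = "ref://"  # assumed reference syntax; not shown on this page


def _flag(info, name):
    # Flags may arrive as JSON booleans or as the strings "true"/"false".
    return str(info.get(name, "false")).strip().lower() == "true"


def audit_sslinfo(info):
    """Return (field, issue) pairs for one SSLInfo object."""
    findings = []
    if _flag(info, "enabled"):
        # One-way TLS needs a keystore holding the cert and private key.
        for field in ("keyStore", "keyAlias"):
            if not info.get(field):
                findings.append((field, "missing: TLS needs a keystore with cert and key"))
    if _flag(info, "clientAuthEnabled") and not info.get("trustStore"):
        findings.append(("trustStore", "missing: two-way TLS needs the client cert in a truststore"))
    if _flag(info, "ignoreValidationErrors"):
        findings.append(("ignoreValidationErrors", "TLS certificate errors are ignored"))
    if str(info.get("keyAlias", "")).startswith(REF_PREFIX):
        findings.append(("keyAlias", "must be a literal alias, not a reference"))
    for field in ("keyStore", "trustStore"):
        value = info.get(field)
        if value and not str(value).startswith(REF_PREFIX):
            findings.append((field, "literal name: a reference avoids Router restarts on change"))
    return findings


# Constructed sample objects, not taken from any real environment.
WEAK = {"enabled": "true", "clientAuthEnabled": "true",
        "ignoreValidationErrors": "true",
        "keyStore": "myKeystore", "keyAlias": "ref://aliasRef"}
HARDENED = {"enabled": True, "clientAuthEnabled": True,
            "ignoreValidationErrors": False,
            "keyStore": "ref://keystoreRef", "keyAlias": "myKeyAlias",
            "trustStore": "ref://truststoreRef"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for field, issue in audit_sslinfo(cfg):
            print(f"  {field}: {issue}")
```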