Skip to main content


SSL Certificates

Transport Layer Security (TLS), being the successor to Secure Sockets Layer (SSL) protocol, is a cryptographic protocol designed to secure communication between two parties, such as a web browser and a web server. It is implemented on top of an existing protocol, such as HTTP or TCP, to provide an additional layer of security by establishing a connection through a TLS handshake and encrypting data transmission.

The following illustration highlights the one-way TLS handshake in TLS v1.2 and TLS v1.3. TLS v1.2 and TLS v1.3 are the two most commonly used TLS versions.

TLS Handshake for TLS v1.2 and TLS v1.3

During this process, the server authenticates itself to the client by presenting its certificate. The client verifies the certificate to ensure that it is valid and issued by a trusted authority. Once the certificate has been verified, the client and server agree on a shared secret, which is used to encrypt and decrypt the application data.


API7 Enterprise also supports mutual TLS (mTLS), where client also authenticates itself to the server by presenting its certificate, effectively creating a two-way TLS connection. This ensures that both parties are authenticated and helps prevent network attacks like man-in-the-middle.

To enable TLS or mTLS in your system with API7 Enterprise, you should generate and configure certificates in the appropriate places. For configuration on the API7 Enterprise, an SSL certificate object may be required, depending on the segment of communication you want to secure:

Client Application -- API7 EERequiredRequired
API7 EE -- Service UpstreamNot RequiredOptional Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.


API7 Cloud

SOC2 Type IRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation