Certificates
Certificates are used when configuring TLS or mTLS between client applications and API7 Gateway. This system of SSL and CA certificates is crucial for establishing trust and security online, allowing users to browse and interact with websites confidently.
- SSL Certificate: Used for Transport Layer Security (TLS). The Secure Sockets Layer (SSL) protocol is a cryptographic protocol designed to secure communication between two parties.
- CA Certificate: Used for Mutual Transport Layer Security (mTLS). It is like a double-check system for secure connections, where both sides verify each other's identities before exchanging information.
SSL Certificate
TLS is implemented on top of an existing protocol, such as HTTP or TCP. It provides an additional layer of security by establishing a connection through a TLS handshake and encrypting data transmission.
The following illustration highlights the one-way TLS handshake in TLS v1.2 and TLS v1.3, the two most commonly used TLS versions.
During this process, the server authenticates itself to the client by presenting its certificate. The client verifies the certificate to ensure that it is valid and issued by a trusted authority. Once the certificate has been verified, the client and server agree on a shared secret, which is used to encrypt and decrypt the application data.
CA Certificate
API7 Enterprise also supports mutual TLS (mTLS), where the client also authenticates itself to API7 Gateway by presenting its certificate, effectively creating a two-way TLS connection. This ensures that both parties are authenticated and helps prevent network attacks like man-in-the-middle.
Use Cases
To enable TLS or mTLS in your system with API7 Enterprise, you should generate and configure certificates and associate them with SNIs.
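The verification steps described above can be reproduced locally with the `openssl` CLI. This is an added example, not API7's own tooling: it generates a throwaway CA, a server certificate and a client certificate, then runs the client-side check (one-way TLS) and the gateway-side check (mTLS). It goes slightly beyond the text by also checking the certificate's intended purpose. The CA names, `api.example.test` and `demo-client` are constructed placeholders.

```shell
#!/bin/sh
# Added example. All names (Demo Gateway CA, api.example.test, demo-client) are constructed.
set -e

# make_ca DIR NAME CN: self-signed CA, written to DIR/NAME.key and DIR/NAME.crt
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME CN EXT...: leaf DIR/NAME.crt signed by DIR/CA, with the given extensions
issue_cert() {
  dir=$1 ca=$2 name=$3 cn=$4; shift 4
  printf '%s\n' "$@" > "$dir/$name.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
  openssl x509 -req -in "$dir/$name.csr" -days 1 -CA "$dir/$ca.crt" -CAkey "$dir/$ca.key" \
    -CAcreateserial -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# accepts CAFILE CERT PURPOSE [verify options]: exit 0 only if CERT chains to CAFILE
# and is valid for PURPOSE (sslserver or sslclient)
accepts() {
  cafile=$1 cert=$2 purpose=$3; shift 3
  openssl verify -CAfile "$cafile" -purpose "$purpose" "$@" "$cert" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work" ca "Demo Gateway CA"
make_ca "$work" other "Unrelated CA"
issue_cert "$work" ca server api.example.test \
  "subjectAltName=DNS:api.example.test" "extendedKeyUsage=serverAuth"
issue_cert "$work" ca client demo-client "extendedKeyUsage=clientAuth"
issue_cert "$work" other rogue demo-client "extendedKeyUsage=clientAuth"

# One-way TLS: the client checks the server certificate against the CA and the requested host name (SNI).
accepts "$work/ca.crt" "$work/server.crt" sslserver -verify_hostname api.example.test \
  && echo "TLS: server certificate accepted for api.example.test"
# mTLS: the gateway additionally checks the client certificate against its configured CA certificate.
accepts "$work/ca.crt" "$work/client.crt" sslclient && echo "mTLS: client certificate accepted"
accepts "$work/ca.crt" "$work/rogue.crt" sslclient || echo "mTLS: certificate from unrelated CA rejected"
accepts "$work/ca.crt" "$work/server.crt" sslclient || echo "mTLS: server-only certificate rejected as client"
```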
Additional Resources
- Key Concepts
- API Security