Skip to main content

Version: 3.2.16.4

SSL Certificates

Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) protocol. SSL is a cryptographic protocol designed to secure communication between two parties. It is implemented on top of an existing protocol, such as HTTP or TCP. It provides an additional layer of security by establishing a connection through a TLS handshake and encrypting data transmission.

The following illustration highlights the one-way TLS handshake in:

TLS v1.2 and TLS v1.3 are the two most commonly used TLS versions.

TLS Handshake for TLS v1.2 and TLS v1.3

During this process, the server authenticates itself to the client by presenting its certificate. The client verifies the certificate to ensure that it is valid and issued by a trusted authority. Once the certificate has been verified, the client and server agree on a shared secret, which is used to encrypt and decrypt the application data.

SSL

API7 Enterprise also supports mutual TLS (mTLS), where the client also authenticates itself to the server by presenting its certificate, effectively creating a two-way TLS connection. This ensures that both parties are authenticated and helps prevent network attacks like man-in-the-middle.

To enable TLS or mTLS in your system with API7 Enterprise, you should generate and configure certificates in the appropriate places. For configuration on the API7 Enterprise, an SSL certificate object may be required, depending on the segment of communication you want to secure:

TLSmTLS
Client Application -- API7 EERequiredRequired
API7 EE -- Service UpstreamNot RequiredOptional

API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation