TLS profiles overview

API Connect supports TLS Profiles for securing data transmission over HTTPS.

Introduction to TLS profiles

Important: API Connect includes several default TLS profiles to help you get started working with the application. The default profiles should not be used in a production environment. It is important to create your own profiles to ensure a secure network.

API Connect may need to transmit data across an untrusted network, for example, when accessing the Gateway, email server, or LDAP server. TLS provides secure network layer transportation of data between two parties.

There are two types of TLS Profile: a TLS Server Profile and a TLS Client Profile. The Gateway uses a TLS Server Profile to configure its endpoint for use during API execution. A TLS Client Profile is used whenever the system needs to communicate with another endpoint over TLS.

The components of a TLS Profile are:

  • TLS protocol version: the versions of the Transport Layer Security protocol required for the profile. TLS protocol versions 1.0, 1.1, and 1.2 are supported.
  • Optional support for mutual authentication and renegotiation for Server Profiles.
  • Optional support for weak server connections and Server Name Indication for Client Profiles.
  • Cipher suites to secure HTTPS communication within the API Connect ecosystem.
  • Keystores containing public and private key pairs.
  • Truststores containing public keys for trusted third-party services, such as Google, Facebook, or Verisign.
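
The following added example (not API Connect code) models the profile components listed above and checks a profile before it is used in production. The `TLSProfile` fields, the `audit` and `client_context` helpers, the sample profiles and the `ca.pem` path are all assumptions made for illustration; only the Python `ssl` calls are real APIs.

```python
import ssl
from dataclasses import dataclass
from typing import Optional

@dataclass
class TLSProfile:  # hypothetical model; field names are not API Connect's schema
    kind: str                          # "server" or "client"
    protocols: set                     # subset of {"1.0", "1.1", "1.2"}
    ciphers: list                      # IANA-style cipher suite names
    keystore: Optional[str] = None     # PEM file: certificate plus private key
    truststore: Optional[str] = None   # PEM file: trusted certificates
    mutual_auth: bool = False          # server profiles only
    is_default: bool = False           # one of the shipped default profiles

WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "anon")

def audit(p):
    """Return the findings that should block production use of a profile."""
    out = []
    if p.is_default:
        out.append("default profile in use")
    for v in sorted(p.protocols & {"1.0", "1.1"}):
        out.append(f"TLS {v} enabled (deprecated by RFC 8996)")
    out += [f"weak cipher suite: {c}" for c in p.ciphers
            if any(m in c for m in WEAK_CIPHER_MARKERS)]
    if p.kind == "server" and not p.keystore:
        out.append("server profile has no keystore")
    if p.kind == "server" and p.mutual_auth and not p.truststore:
        out.append("mutual authentication enabled without a truststore")
    if p.kind == "client" and not p.truststore:
        out.append("client profile has no truststore to verify the server")
    return out

def client_context(p):
    """Map a clean client profile onto a verifying ssl.SSLContext."""
    findings = audit(p)
    if p.kind != "client" or findings:
        raise ValueError(findings or ["not a client profile"])
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # checks certificate and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=p.truststore)
    if p.keystore:                                 # client certificate for mutual auth
        ctx.load_cert_chain(p.keystore)
    return ctx

# Constructed sample profiles (not taken from a real deployment).
LEGACY = TLSProfile("server", {"1.0", "1.1", "1.2"}, ["TLS_RSA_WITH_RC4_128_SHA"],
                    mutual_auth=True, is_default=True)
HARDENED = TLSProfile("client", {"1.2"}, ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
                      truststore="ca.pem")  # placeholder path
```

`audit(LEGACY)` reports every blocking issue at once, while `client_context` refuses to build a context from any profile that still has findings.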