Configuring Keystore and Truststore Information for Outbound Connections

Edit online

About this task

You might want to configure API Gateway to refer to a default truststore that you want API Gateway to use for securing outgoing SSL connections. The keystore and key alias can be configured for outgoing two-way SSL connections. During the SSL handshake between API Gateway and the native API, the server certificate, which is sent by the native API, has to be validated against a truststore in API Gateway.

To configure keystore and truststore settings for outbound secured connections

Procedure

  1. Expand the menu options icon , in the title bar, and select Administration.
  2. Select Security > Keystore/Truststore.
    A list of existing keystores and truststores loaded during startup, and those created in API Gateway and the corresponding details appears.
  3. To configure API Gateway's default keystore and truststore alias for outgoing secured connections, provide the following information in the Configure keystore and truststore settings for outbound connections section:
    Field Description
    Keystore alias Select a keystore that API Gateway uses for outgoing secured connections.

    Lists all available keystores. If you have not configured any keystore, the list is empty.

    Key alias Select the alias for the private key for an outbound connection from API Gateway to the native API.

    This field is auto-populated based on the selected keystore alias. It lists all the aliases available in the chosen keystore. If there are no configured keystores, this field is empty.

    Truststore alias

    The alias for the truststore that contains the list of CA certificates that API Gateway uses to validate the trust relationship with the native API.

    If you do not configure any truststore alias, it implies that API Gateway does not validate the certificates provided by native APIs.

  4. Click Save.