Clever Geek Handbook

Is the HTTPS option required when the remote REST API is HTTPS?

I would like to make a Bluemix (Liberty) application available to a remote REST API that is exposed in SSL. I need to use the "TLS Mutual Auth option" gateway. But now, to figure out if I should use the "HTTPS" option or not when SSL provides a remote REST API, I tested two cases, HTTPS and TLS Server Auth. The HTTPS case succeeded and TLS Server Auth crashed.

Is the HTTPS option required when the remote REST API is HTTPS in order to rewrite the HTTP header on the SecureGatewayClient? Can't we secure the gateway with TLS Mutual Auth if it's going to be?

1. HTTPS Option: Success
This case led to success.

2. TLS Server Auth: Failure
In this case, a failure has occurred. I just ran the gateway option from "HTTPS" to "TLS Server Auth" so the reason is not a misconfiguration.

[Bluemix Liberty Application Log]
2015-07-01T04: 17: 58.64 + 0900 [RTR] OUT sampleapp.mybluemix.net
[30/06/2015: 19: 17: 49 +0000] "GET / XXX HTTP / 1.1" 200
2015-07-01T04: 17: 58.66 + 0900 [App / 0] OUT res: 404 Not Found: The requested route ("cloudhost: cloudport") does not exist.

[SG Client Log]
[2015-06-30 02: 37: 38.144] [INFO] Connection # 32 is established on remote host REST API: 443 [2015-06-30 02: 37: 38.227] [INFO] Connection # 32, installed on remote host REST API: 443 [2015-06-30 02: 37: 52.535] [INFO] Connection # 32 to remote host REST API: 443 has been closed

enter image description here

+3


source to share


1 answer


In response to this part of your post:



Is the HTTPS option required when a remote REST API is HTTPS in order to rewrite the HTTP header at SecureGatewayClient ?

Yes, HTTPS is required when connecting to remote https api hosting. Also, if you are connecting to a back-end HTTPS server, you need to enable client-side TLS .

The link below provides more information on securing the gateway in the Bluemix interface:

https://www.ng.bluemix.net/docs/services/SecureGateway/sg_022.html#sg_009

In response to this part of your post:



Can't we protect the gateway with TLS Mutual Auth?

Yes, you can use TLS: Mutual Auth , but you will also need to upload your own certificate or choose auto-generation to automatically generate a self-signed certificate / key pair that you can download along with the server certificate.

To use the certificates generated when choosing TLS: Mutual Auth, you also need to configure the TLS connection on the application side and possibly your TLS connection on the client side.Enabling TLS security between the client and your REST interface depends on the TLS on the application side. Application-side TLS provides access between your sample application and the secure gateway client. You can use TLS client communication independently of TLS on the application side, or vice versa, or together, to ensure that your sample application is completely secure for your REST API.

For more information on accessing the secure gateway, see below:

https://www.ng.bluemix.net/docs/services/SecureGateway/sg_023.html

+1


source






More articles:


All Articles