SSL Certificates
Transport Layer Security (TLS), being the successor to Secure Sockets Layer (SSL) protocol, is a cryptographic protocol designed to secure communication between two parties, such as a web browser and a web server. It is implemented on top of an existing protocol, such as HTTP or TCP, to provide an additional layer of security by establishing a connection through a TLS handshake and encrypting data transmission.
The following illustration highlights the one-way TLS handshake in TLS v1.2 and TLS v1.3. TLS v1.2 and TLS v1.3 are the two most commonly used TLS versions.
During this process, the server authenticates itself to the client by presenting its certificate. The client verifies the certificate to ensure that it is valid and issued by a trusted authority. Once the certificate has been verified, the client and server agree on a shared secret, which is used to encrypt and decrypt the application data.
API7 Enterprise also supports mutual TLS (mTLS), where client also authenticates itself to the server by presenting its certificate, effectively creating a two-way TLS connection. This ensures that both parties are authenticated and helps prevent network attacks like man-in-the-middle.
To enable TLS or mTLS in your system with API7 Enterprise, you should generate and configure certificates in the appropriate places. For configuration on the API7 Enterprise, an SSL certificate object may be required, depending on the segment of communication you want to secure:
TLS | mTLS | |
---|---|---|
Client Application -- API7 EE | Required | Required |
API7 EE -- Service Upstream | Not Required | Optional |