June 14, 2016

Certificate-Based API Gateway to Backend Authentication

WSO2 API Cloud now officially supports Mutual SSL as one of the options for authenticating the API gateway to your backend service. The way this works is illustrated in the diagram below. The API Gateway in the cloud handles user requests, authenticates users via OAuth, enforces various policies, and so on. In turn, however, it must authenticate itself to the actual backend service. We have long supported various security mechanisms for that, including basic authentication, OAuth, IP whitelisting, and digest authentication. We are now adding mutual SSL authentication to the mix:
To set it up:
  1. Use the Support menu in API Cloud to create a request with the WSO2 Cloud team.
  2. Let us know your backend hostname.
  3. Once we respond via email, send us the backend certificate with which you want to configure mutual SSL (your_backend_cert.crt).
  4. Once we have this, we will add your certificate to our servers and send you our public certificate.
  5. You add WSO2 Cloud's public certificate to your backend servers.
  6. Now you can use Mutual SSL Certificates as a way to secure your gateway to backend access.
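
The trust relationship that steps 3 to 5 set up, as an added Go example (not WSO2's code and not part of the original post): the backend requires a client certificate and trusts only the gateway's, while the gateway trusts only the backend's. The certificates are throwaway self-signed ones generated in-process, and the names `selfSigned`, `callBackend`, `backend.example`, `gateway.example` and `other.example` are assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSigned makes a throwaway certificate (constructed sample, not a real WSO2 or backend cert).
func selfSigned(name string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// callBackend runs a backend that admits only the gateway certificate and calls it as clientCerts.
func callBackend(backend, gateway tls.Certificate, clientCerts ...tls.Certificate) (int, error) {
	clientCAs, rootCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(gateway.Leaf) // step 5: backend trusts the gateway's public certificate
	rootCAs.AddCert(backend.Leaf)   // step 4: gateway trusts the backend's certificate
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{backend},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs} // no trusted cert, no request
	srv.StartTLS()
	defer srv.Close()
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{
		RootCAs: rootCAs, ServerName: backend.Leaf.DNSNames[0], Certificates: clientCerts}}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() {
	b, gw := selfSigned("backend.example"), selfSigned("gateway.example")
	fmt.Println(callBackend(b, gw, gw))                          // gateway certificate: accepted
	fmt.Println(callBackend(b, gw, selfSigned("other.example"))) // any other certificate: rejected
}
```

Whatever server software the backend runs, its equivalents of `ClientAuth` and `ClientCAs` are the two settings that step 5 configures.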
If you have any questions, just contact us via the Support menu and we will be happy to help you out.