Updated on 2024-07-01 GMT+08:00

Implementation Procedure

One-Way Authentication

  1. Log in to the APIG console.
  2. Select a gateway at the top of the navigation pane.
  3. Create an SSL certificate.

    1. In the navigation pane, choose API Management > API Policies.
    2. On the SSL Certificates tab, click Create SSL Certificate.
      Table 1 Certificate configuration for one-way authentication

      | Parameter | Description |
      | --- | --- |
      | Name | Enter a certificate name that conforms to specific rules to facilitate search. |
      | Instances Covered | Select Current. |
      | Content | -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End certificate----- |
      | Key | -----Start RSA private key----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End RSA private key----- |
      | CA | No CA certificate is required for one-way authentication. |

    3. Click OK.

  4. Bind a domain name.

    1. In the navigation pane, choose API Management > API Groups.
    2. Click the name of the group to which the API belongs. The group details page is displayed.
    3. On the Group Information tab page, click Bind Independent Domain Name.
      Table 2 Independent domain name configuration

      | Parameter | Description |
      | --- | --- |
      | Domain Name | Enter a licensed domain name. |
      | Minimum TLS Version | Select TLS1.2. |
      | HTTP-to-HTTPS Auto Redirection | Disabled by default. |

    4. Click OK.

  5. Bind a certificate.

    1. In the row that contains the domain name, click Select SSL Certificate.
    2. Select the created certificate and click OK.

    Client authentication should be disabled for one-way authentication.

  6. Call the API.

    Use the API test tool to call the API. If the status code is 200, the API is successfully called.

Two-Way Authentication

  1. On the SSL Certificates tab, click Create SSL Certificate.

    Table 3 Certificate configuration for two-way authentication

    | Parameter | Description |
    | --- | --- |
    | Name | Enter a certificate name that conforms to specific rules to facilitate search. |
    | Instances Covered | Select Current. |
    | Content | Enter the certificate content. -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End certificate----- |
    | Key | Enter the key. -----Start RSA private key----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End RSA private key----- |
    | CA | Enter the CA certificate content. After the CA certificate is configured, client authentication is enabled by default as long as the independent domain name is bound to the SSL certificate. -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh... -----End certificate----- |

  2. Click OK.
  3. Bind a domain name.

    1. In the navigation pane, choose API Management > API Groups.
    2. Click the name of the group to which the API belongs. The group details page is displayed.
    3. On the Group Information tab page, click Bind Independent Domain Name.
      Table 4 Independent domain name configuration

      | Parameter | Description |
      | --- | --- |
      | Domain Name | Enter a licensed domain name. |
      | Minimum TLS Version | Select TLS1.2. |
      | HTTP-to-HTTPS Auto Redirection | Disabled by default. |

    4. Click OK.

  4. Bind a certificate.

    1. In the row that contains the domain name, click Select SSL Certificate.
    2. Select the created certificate and click OK.

    After you bind the SSL certificate, two-way authentication is automatically enabled.

  5. Call the API.

    Use the API test tool to call the API. If the status code is 200, the API is successfully called.

    You need to configure the client certificate when accessing APIs.

    If you use Postman to call APIs, add the client certificate under Certificates in Settings and upload the client certificate and key.
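
    A scripted alternative to the API test tool for the "Call the API" step, which also confirms that the gateway rejects callers without a client certificate once two-way authentication is enabled. This is an added example, not part of the original procedure or of APIG itself; the host `api.example.com`, the path, the function names, and the expectation that a call without a certificate does not return 200 are assumptions.

```python
import http.client
import ssl


def build_client_context(client_cert=None, client_key=None, ca_file=None):
    """TLS client context matching the gateway settings on this page."""
    # Server certificate and hostname are always verified (defaults of
    # create_default_context); ca_file is only needed for a private CA.
    ctx = ssl.create_default_context(cafile=ca_file)
    # Refuse anything below the "Minimum TLS Version" set on the domain.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        # Two-way authentication: present the client certificate and key.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def call_api(host, path, ctx, port=443, timeout=10):
    """GET the API once; report status and TLS version, or the error."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.connect()
        tls = conn.sock.version()  # read before the response may close the socket
        conn.request("GET", path)
        return {"status": conn.getresponse().status, "tls": tls, "error": None}
    except (OSError, http.client.HTTPException) as exc:
        # OSError covers ssl.SSLError, refused connections and timeouts.
        return {"status": None, "tls": None, "error": str(exc)}
    finally:
        conn.close()


def client_auth_enforced(without_cert, with_cert):
    """True only if the call succeeds with a client certificate and fails without."""
    return with_cert["status"] == 200 and without_cert["status"] != 200


if __name__ == "__main__":
    # Constructed results, standing in for two call_api() runs against the
    # bound domain, e.g. call_api("api.example.com", "/hypothetical/path", ctx).
    rejected = {"status": None, "tls": None, "error": "handshake failure (constructed)"}
    accepted = {"status": 200, "tls": "TLSv1.2", "error": None}
    print(client_auth_enforced(rejected, accepted))  # two-way auth is enforced
    print(client_auth_enforced(accepted, accepted))  # client auth is not enforced
```

    Run `call_api` twice against the bound domain, once with a context built without a certificate and once with `client_cert` and `client_key` set, then pass both results to `client_auth_enforced`.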