Glad to see the release of 2.4, and accomplishing another milestone.
I just want to check if Mutual TLS can be offered for outbound traffic? In this case, Tyk API Gateway will actually be the client, and the upstream service provider will be the server.
I came across use cases (especially for enterprise) where Mutual TLS is also required when interfacing with the actual service providers, so this could probably be a neat feature to address some over-paranoid security folks and their guidelines.
I am trying to check out the feature on my trial cloud version, and have some questions on that. Feel free to edit the thread category if it falls under something else.
Do I need to trust / import the root CA before I add a certificate, or is there any pre-condition? I am unable to add a self-signed PEM file at the API designer (another reason could be that I possibly generated the PEM file wrongly, but I did use these files successfully for my previous test).
For the upstream TLS, how do I add a corresponding certificate that will be verified by the destination upstream server? Is there an option there to manage certificates?
Does that mean the API Gateway, eventually, will have to manage its own local trust store? This is to ensure only certificates signed by a valid root CA (either self-signed locally or a public CA like Verisign) can be uploaded.