How to Call an API Which Uses a Self-Signed Certificate
Join the DZone community and get the full member experience.Join For Free
The Axway API Gateway,
as the name suggests, is often used as a gateway in front of APIs / Web
Services. The connection to the API behind the API Gateway often is
over SSL. If this connection uses a self-signed certificate (i.e. not
VeriSign or another global CA), then how do you configure the trust for
The first step is to import the certificate into the "Certificates" section of Policy Studio. To do this, click on the "Create/Import" button, which you can see on the bottom of the screenshot below:
Once you've imported the cert, then you need to use it in a policy. In the example below, I have a simple routing policy which will route to a backend server over SSL. The first step is to use a "Static Router" filter in order to enter the backend server name (in this case "dev.company.com") and select the radio button which specifies that I'm connecting over SSL:
I then follow this with a "Connection" filter, and I make sure that the certificate which I imported earlier is checked under "Trusted Certificates", as shown below:
Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.