본문 바로가기
IBM - old/IBM APIC

[APIC]Make secure API calls in IBM API Connect

by freeman98 2017. 3. 25.

https://www.ibm.com/developerworks/security/library/mw-1607-hutchinson-trs/1607-hutchinson.html?ca=drs-


Make secure API calls in IBM API Connect

Add TLS profiles to protect assets in back-end systems

Charlotte Hutchinson, Chris Phillips, and Jörgen Persson
Published on July 18, 2016

Linked InGoogle+



Secure Socket Layer (SSL) is used for security over a network. In IBM® API Connect, Transport Layer Security (TLS) profiles are used to secure transmission of data through websites. TLS and SSL certificates guarantee that information you submit will not be stolen or tampered with. The ability to connect to a secure back-end system is essential, and setting up security correctly is not always an obvious task.


In this tutorial, you learn how to retrieve a certificate and then create a TLS profile in API Manager. By using this profile, you can connect API Connect to SSL-enabled back-end systems. To understand this tutorial, you should have previous knowledge about TLS and API Connect.

What you'll need for this tutorial

  • API Connect. See the API Connect Deveveloper Center and API Connect on Bluemix®.
  • An IBM Bluemix account
  • OpenSSL
  • Access to the Internet and a browser. This tutorial uses Mozilla Firefox.
  • A certificate that you want to add to the back end. This certificate can be a self-signed certificate or any signer certificate.
1

Retrieve a certificate

Move to the cloud with the Connect series from IBM
Discover, create, and publish APIs with your existing apps and data with the Connect series from IBM. IBM API Connect, an end-to-end API lifecycle management solution, is the glue that holds together the Connect series from IBM: IBM WebSphere Connect, IBM Business Operations Connect, IBM App Connect, IBM z/OS Connect, IBM DB2 Connect, and IBM DataWorks Connect. You can expose applications and data as APIs and connect to and from the cloud.


In this step, you retrieve your certificate either by using the OpenSSL command-line interface or by accessing the certificate from within your browser. API Connect supports only the P12 (PKCS12) and PEM certificate formats for the truststore.

Option 1: Use OpenSSL

Retrieve your certificate:

  1. Open OpenSSL and view your certificates as follows. Specify your own host name and port.
    openssl s_client -connect {HOSTNAME}:{PORT} –showcertsUsing OpenSSL to view certificates
  2. Copy and paste the information between the BEGIN CERTIFICATE and END CERTIFICATE tags, including the tags, to a text file on your PC. If you have multiple certificates, retrieve each one.
  3. Save the file with a meaningful name that uses the .ctr extension.

Option 2: Use your web browser

If you are using Mozilla Firefox, retrieve your certificate as explained here and shown in the following figure:

  1. Click the SSL certificate icon at the top or Padlock at the bottom.
  2. Click View Certificate.
  3. Click the Details tab.
  4. From the hierarchy of certificates, choose the certificate that you want.
  5. Click Export.
  6. Save the certificate locally. Example of downloading a certificate from Firefox

On an Apple® Mac®, follow these steps:

  1. From the Firefox menu, select Preferences.
  2. From the left menu, select Advanced.
  3. Under Certificates, click View Certificates.
  4. Click Your Certificates.

Add the certificate to API Connect

Add the certificate to the API in API Connect:

  1. Open API Connect. Select Admin. IBM API Connect
  2. Click TLS profiles. The API Connect TLS Profiles tab

    View image at full size

  3. Create a TLS profile.
    1. Enter a display name and name for your TLS profile.
    2. Enter a value in the Description field.
    3. Add a Trust Store and upload the certificates.
    4. Click the arrow next to Protocols. Selecting a TLS Protocol
  4. Select TLS version 1.0 (or other version that you are using). The following figure shows an example TLS profile. Example TLS profile

Add the TLS profile to your API

Add the profile to your API:

  1. Go back to the API that is using the certificate.
  2. Click the Assemble tab.
  3. Click Invoke.
  4. In the section for the TLS profile, click the arrow and select the profile that you just created. The Assemble section in API Connect
  5. Click Save. As shown in the following figure, the TLS profile is added.An Assemble section with a TLS profile added

Conclusion

This tutorial showed you how to create a simple TLS profile and then add it to an API in API Connect. With the profile, API calls can communicate with SSL-enabled back-end systems for secure transmission of data.

Downloadable resources

Related topics


'IBM - old > IBM APIC' 카테고리의 다른 글

[APIC]Mock Backend Services with User Defined Gateway Policies  (0) 2017.05.19
[APIC]IBM API Connect 관련 샘플 API 들 github 로 공유  (0) 2017.04.17
[APIC]IBM API Connect 관련 YouTube 채널  (0) 2017.03.07
[APIC]IBM API Connect 의 Assemble 성능 테스트 및 튜닝  (0) 2017.03.07
[APIC]Developer Toolkit 을 활용하여 DevOps 형태로 Urbancode 나 Jenkins 와 연동하기 위한 다양한 CLI 명령  (0) 2017.02.13

관련글

댓글

티스토리툴바