Using TLS in a Private Cloud installation

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation. info

Apigee Edge

The following figure shows where Apigee Edge for Private Cloud customers configure TLS:

The following table describes the locations where you configure TLS access for a Private Cloud installation:

	Source	Destination	TLS Access
1	API developer	Edge management UI	Enable TLS on the Edge UI for either the New Edge experience or the Classic UI: Configuring TLS for the New Edge experience Configuring TLS for the management UI (Classic UI) See the Edge Operations Guide for more, which is available from your private FTP account or on the Apigee Support Portal under Libraries (Edge for Private Cloud version 4.16.01 and earlier)
2	API Developer	Edge management API	Enable TLS on the Edge management API. See the Edge Operations Guide for more, which is available from your private FTP account or on the Apigee Support Portal under Libraries (Edge for Private Cloud version 4.16.01 and earlier) and online at Configuring TLS/SSL for Edge On Premises (version 4.16.05 and later).
3	API Client (app)	API	Enable TLS on API access through the use of virtual hosts on the Edge Router. See Configuring TLS access to an API for the Private Cloud for more.
4	Edge	Target endpoint	Enable TLS between Edge and a backend service provider. See Configuring TLS from Edge to the backend (Cloud and Private Cloud) for more.
5	Router	Message Processor	Enable TLS for communication between a Router and Message Processor. See the Edge Operations Guide for more, which is available from your private FTP account or on the Apigee Support Portal under Libraries (Edge for Private Cloud version 4.16.01 and earlier) and online at Configuring TLS/SSL for Edge On Premises (version 4.16.05 and later)..

If your Edge for Private Cloud installation included a load balancer, then you might also have to replace the configuration for #3 above to configure TLS between the app and load balancer, and between the load balancer and the Edge Router:

	Source	Destination	Description
6	App	Load Balancer	Enable TLS on the load balancer. This process is determined by your load balancer.
7	Load Balancer	Router	If necessary, enable TLS on the Router for requests from the load balancer. Use the same process as you do for configuring TLS for a virtual host as described here: Configuring TLS access to an API for the Private Cloud. If the load balancer and Router are in the same security domain, TLS configuration may not be necessary. However, that is dependent on your network configuration.

Source

Destination

Description

App

Load Balancer

Enable TLS on the load balancer. This process is determined by your load balancer.

Load Balancer

Router

If necessary, enable TLS on the Router for requests from the load balancer. Use the same process as you do for configuring TLS for a virtual host as described here: Configuring TLS access to an API for the Private Cloud.

If the load balancer and Router are in the same security domain, TLS configuration may not be necessary. However, that is dependent on your network configuration.

Learn more: