I have a client that uses TLS authentication using X.509 certificates. The Client makes API calls to my GCP app engine, which acts as a REST server.
The app engine has Identity Aware Proxy enabled, but the client is unable to use that to authenticate via that. Therefore, I made a API gateway for the client to make HTTPS requests. But it is unable to make HTTPS requests without authenticating with X.509 certificates.
I am able to upload a cert.pem
to the client. I generated the certificate in Google cloud shell using openssl. But I do not know where do I put this certificate in the GCP. Is it in App Engine->Settings->SSL certificates OR in the .yaml config file for the API gateway OR do I have to set up a load balancer?
CodePudding user response:
API Gateway, App Engine, and HTTP load balancers do not support client authorization with X.509 certificates.
You must implement client X.509 authentication in your application or web server on a service you manage and deploy such as Compute Engine.