Outbound TLS Policy

This policy uses TLS certificates to verify outbound endpoints during API processing.

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.
Verifies TLS certificates for outbound requests to external endpoints. When a Snaplex receives a request for an external endpoint and this policy is configured, the Snaplex connects to the external resource as a client and verifies the server TLS certificate. After verification, the Snaplex continues with the request to the external endpoint.

Policy execution order

This policy executes before the other policies.

Field/Field set Description
When this policy should be applied An expression that defines one or more conditions that must be true for the policy to execute.

Example: The expression request.method == "POST" causes the policy to execute only on POST requests.

Certificate Input Format Required.Select the method for certificate: The available options are:
  • RAW_TEXT: Opens text field for key files where you can paste the keys.
  • FILE_PATH: Enables filepath selector as you type the path:
    1. Click to preview the file in Manager.
    2. Click to select a file:
    • Under the Project, pick the target file from Manager.
    • Click Upload file button to select a file from your local machine.

When the certificate is input, the Preview Type contains the following options:

  • Hex: Displays the preview data in hexadecimal format.

  • Text: Displays the preview data in text format.

  • Render text with whitespace: Renders whitespaces as dots "." and tabs as underscores "_" in the preview data.

Click Download Preview for a copy on your local machine.

Default value: RAW_TEXT

Example: FILE_PATH
Certificate encryption algorithm Required. RSA.
Note: Currently, only RSA encryption algorithms are supported. RSA

Default value: RSA

Example: RSA
Public key Enter the public key.
  • The public key should be unencrypted.
  • The client can provide a certificate chain.
  • The certificate should be a valid x509 certificate.
The client can provide a certificate chain. The certificate should be a valid x509 certificate. None
Private key Enter the unencrypted private key.
Description

Required. A brief description of this policy.

Default value: Outbound requests are being verified using specified TLS certificates.