Google cloud platform Cloud Endpoint SSL/TLS mutual handshake ESP

Question

I am working on deploying an API solution on GCP where mutual SSL/TLS is required (server and client side certificates). So for the ingress of the traffic (entry point) I found that kubernetes ingress controller has this possibility (NGINX based). I am interested by cloud endpoints which has ESP (extensible service proxy which is also nginx deployment under kubernetes).

I couldn't find anywhere in the documentation whether mutual SSL/TLS is available for ESP (cloud endpoint), does anyone know the answer for this ?

I found this [documentaion](https://cloud.google.com/endpoints/docs/openapi/enabling-ssl) which explain how to enable SSL/TLS for Cloud Endpoints. — Nicholas, Dec 16 '19 at 11:43

score 0 · Answer 1 · answered Dec 05 '19 at 18:08

0

This might be possible using Istio. Have you come across following article? which seems to suggest how to achieve MTLS for Endpoints.

https://istio.io/docs/examples/platform/endpoints/

answered Dec 05 '19 at 18:08

Parth Mehta

1,869
5
15

score 0 · Answer 2 · answered Dec 05 '19 at 23:11

0

ESP supports mTLS. You can specify the certificates files here

      proxy_ssl_certificate /etc/nginx/ssl/backend.crt;
      proxy_ssl_certificate_key /etc/nginx/ssl/backend.key;

Here is its nginx config

answered Dec 05 '19 at 23:11

Wayne Zhang

147
4

Google cloud platform Cloud Endpoint SSL/TLS mutual handshake ESP

2 Answers2

Linked