Is it possible to enable mutual SSL in Apache Web 2.4 on a per API Respurce level?

Question

As indicated on the title. Is it possible to set mutual ssl on Apache 2.4 on a per context or API resource level?

We have an API gateway fronted by Apache 2.4 which is protected using Mutual SSL. We have a mobile app that needs to consume an API exposed by the gateway. I am not sure if mobile apps are capable of mutual SSL so we are trying to exempt the specific API context from mutual SSL.

score 0 · Answer 1 · answered Apr 26 '19 at 22:52

Of course you can. You should configure your virtual host and then define a location element for your APIs where certificate verification is mandatory. Recently I realized an ad hoc project that could fully respond to your doubt. https://github.com/amusarra/docker-apache-ssl-tls-mutual-authentication

The attached image shows the call to a REST service in mutual authentication

enter image description here

Is it possible to enable mutual SSL in Apache Web 2.4 on a per API Respurce level?

1 Answers1