SSL creates a secure connection between servers and clients over the web and internal network, safeguarding sensitive data for secure transmission. The Hypertext Transfer Protocol Secure (HTTPS) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site. The data sent over HTTPS is secured using SSL/TLS, which provides protection using encrypted channels.

The API Management setup comprises various components, such as, API Gateway server, API Gateway UI, Elasticsearch, API Portal, Kibana, and Terracotta. You must create secure connections between these components in order to enable a secure channel of communication. This article explains how to enable SSL support for the components of an API Management setup.

This article assumes that you have API Gateway advanced edition of version 10.2 or later installed. Additionally you have a basic understanding of the following:

The following figure illustrates the full HTTPS configuration in an API Management setup.

For ensuring the security of the data being transferred between two components, you can implement one-way or two-way SSL/TLS. In an API Management setup two-way SSL/TLS can be implemented for secure communication between the following components: