We are designing a SSL - solution for our APM server and I am stuck at few considerations, I have basic understanding of SSL , though I picked up some information from documentation , need the community help in putting it in to a story.
Requirement: need encryption between apm agents and apm server.
client : at present we are using java agents for apis and weblogic app sever and rum agents for UI
We ordered a certificate for which we have received a 3 resources .p7b file and intermediate and end entity certificates and we already have a csr and key file at our end.
How to configure ca authorities here ?
we used p7b and converte it to crt so we used crt an key file now we need to configure ca authorties . We received both intermediate and end entity certificates as plain text (i mean in mail in base 64/x509 standard)
the moment we configure ca authorities, client authentication is automatically set to required . so rum based agents will do fine but what about java based agents authentication?
for server authentication do we need to add certificates to browser?
can we use httpd/ nginx - in betweeen http apm server to terminate ssl , which ssl is better apm -server or httpd layer and why ?
is authenticating client using ssl good approach? or it depends on agent for rum based certificate based authentication as its UI and server based agents like java should we use api keys + ssl/tls ? why not certificate based authentication for java agents?
Appreciate your help , Thank you!