Concept is simple. When a client logs in, they are required/requested to submit their client certificates, instead of credentials. The client then sends their certificate in the TLS handshake and it that passes the server gets to the next step. Client certificates must must be imported and trusted using a truststore setup on the APIGW.
------------------------------
Rupinder Singh
CTO, Nibble Technologies
https://www.nibl.tech/------------------------------
Original Message:
Sent: Mon December 15, 2025 09:17 AM
From: Istkhar Ahmed
Subject: mtls implementation in api gateway
Thank you for providing the inputs.
I don't have any issue or error right now - I am implementing MTLS in my local API Gateway (10.15) only to understand the core concept and how it actually works behind the scenes.
------------------------------
Istkhar Ahmed
Original Message:
Sent: Mon December 15, 2025 08:36 AM
From: Rupinder Singh
Subject: mtls implementation in api gateway
MTLS is very similar to doing it with Integration Server. Setup up a TLS port and then have have client certificates required/requested on it. Do you have a specific problem that you are trying to solve in setting up MTLS ?
------------------------------
Rupinder Singh
CTO, Nibble Technologies
https://www.nibl.tech/
Original Message:
Sent: Sun December 14, 2025 11:53 PM
From: Istkhar Ahmed
Subject: mtls implementation in api gateway
Hi All,
Experts, can anyone please provide inputs for mtls implementation in local installed API gateway 10.15.
------------------------------
Istkhar Ahmed
------------------------------