Merge pull request #8077 from RusJaI/master

Modify documentation for supporting separate client side MTLS for production and sandbox endpoints
wso2 · Aug 5, 2024 · 90509bd · 90509bd
2 parents 43d0f67 + e109cb3
commit 90509bd
Show file tree

Hide file tree

Showing 5 changed files with 358 additions and 3 deletions.
diff --git a/en/docs/assets/img/learn/enable-mutual-ssl.png b/en/docs/assets/img/learn/enable-mutual-ssl.png
diff --git a/en/docs/assets/img/learn/upload-certificate.png b/en/docs/assets/img/learn/upload-certificate.png
diff --git a/en/docs/includes/design/create-mtls-api.md b/en/docs/includes/design/create-mtls-api.md
@@ -4,7 +4,7 @@
 2.  Click **Develop -> API Configurations -> Runtime**.
 3.  Select **Mutual SSL**.
 
-     [![Enable mutual SSL](https://apim.docs.wso2.com/en/4.1.0/assets/img/learn/enable-mutual-ssl.png)](https://apim.docs.wso2.com/en/4.1.0/assets/img/learn/enable-mutual-ssl.png)
+     [![Enable mutual SSL](../../../../assets/img/learn/enable-mutual-ssl.png)]({{base_path}}/assets/img/learn/enable-mutual-ssl.png)
 
     !!! note
           HTTP transport will be disabled for an API if it has Mutual SSL enabled.
@@ -17,9 +17,16 @@
         If you need to use a certificate in any other format, you can convert it using a standard tool before uploading it.
 
 
-5.  Provide an alias and public certificate. Select the tier that should be used to throttle out the calls using this particular client certificate and click **Upload**.
+5.  Select the key type for which the certificate is uploaded.
 
-     [![Upload Certificate](https://apim.docs.wso2.com/en/4.1.0/assets/img/learn/upload-certificate.png)](https://apim.docs.wso2.com/en/4.1.0/assets/img/learn/upload-certificate.png)
+    !!! note
+        When Transport Level Security and OAuth2 as Application Level Security are set to mandatory with MTLS enabled and gateway endpoint is invoked providing a valid certificate, it may verify only the existence of the certificate. 
+        Authentication may happen with OAuth2.
+
+
+6. Provide an alias and public certificate. Select the tier that should be used to throttle out the calls using this particular client certificate and click **Upload**.
+
+     [![Upload Certificate](../../../../assets/img/learn/upload-certificate.png)]({{base_path}}/assets/img/learn/upload-certificate.png)
 
 6.  **Save and Deploy** the API.
 
diff --git a/en/docs/includes/design/invoke-mtls-api-using-postman.md b/en/docs/includes/design/invoke-mtls-api-using-postman.md
@@ -1,5 +1,8 @@
 ### Invoke an API secured with Mutual SSL using Postman
 
+You can invoke the Production or Sandbox endpoint based on the client certificate you upload.
+For example, if you have uploaded example.crt as a `Production` type certificate in the Runtime Configurations for the API and you invoke the API using the same certificate here, the Production endpoint will be invoked.
+
 Import the certificate and private key to Postman.
 
 1. Navigate to the certificates tab in Postman settings.