Support for customizing API gateway trust stores
- Services: API Gateway
- Release Date: December 15, 2021
You can now customize the trust store that an API gateway uses to verify TLS certificates by adding the root certificates of other Certificate Authorities (CAs) and other CA bundles. These custom CAs and CA bundles are in addition to the default CA bundle already present in the trust store.
Having added custom CAs and CA bundles to the trust store, TLS connections to the API gateway (including from HTTPS back ends, and from the response cache) are verified using both the default CA bundle, and the custom CAs and CA bundles. In addition, if you have specified mTLS support for an API deployment, the API gateway uses custom CAs and custom CA bundles to verify API client certificates.
For more information, see Customizing Trust Stores for TLS Certificate Verification.