Mutual TLS Certificates

VGS allows you to upload a TLS certificate along with the private key to establish a trusted connection with a third party service like Visa or Mastercard.

When uploading a certificate, you can choose between the Inbound and Outbound proxy.

Inbound Proxy

Caller (for example Visa callback) -> VGS Inbound proxy [+mTLS] -> Customer’s API

Outbound Proxy

Caller -> VGS Outbound proxy [+mTLS] -> upstream (third-party)

The private key is used to encrypt the data over the TLS connection. The encryption prevents the data from being modified while it transits through the network.

The TLS certificate identifies the server and the company associated with the server.

Any certificate you upload must be associated with a set of credentials for the Outbound flow, or with a route (i.e. Upstream) for the Inbound flow.

Uploading a TLS Certificate

All your mutual TLS certificates can be found on the dashboard in the Vault Settings section.

To upload a certificate:

  • Click Add Certificate

  • Provide certificate

  • Provide private key

  • Choose an access credential (for Outbound) or route id (for Inbound) to associate the certificate with

  • Click Save

Once uploaded, the mutual TLS certificate will appear in the dashboard with the appropriate cert description, proxy type, access credentials (for Outbound), and expiration date. In the preview window, you will be able to see the cert signer.
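Before providing the certificate and private key in the steps above, you can confirm locally that the two belong together and that the certificate is not close to expiry. The script below is an added example, not VGS tooling: it assumes the openssl CLI, PEM-encoded files and an unencrypted private key, and the function name check_mtls_pair and the 30-day default are illustrative choices.

```shell
#!/bin/sh
# Added example: pre-upload check of a mutual TLS certificate/key pair.
# Assumptions: openssl CLI available, PEM files, unencrypted private key.
# Exit codes: 0 ok, 2 unreadable input, 3 key/cert mismatch, 4 near expiry.

check_mtls_pair() {
  cert_file=$1
  key_file=$2
  min_days=${3:-30}   # illustrative threshold, not a VGS requirement

  # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
  cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) || {
    echo "cannot read certificate: $cert_file" >&2
    return 2
  }

  # Public key derived from the private key, in the same encoding.
  key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) || {
    echo "cannot read private key: $key_file" >&2
    return 2
  }

  # A key that does not match the certificate cannot complete the handshake.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2
    return 3
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert_file" -noout \
       -checkend $((min_days * 86400)) >/dev/null 2>&1; then
    echo "certificate expires within $min_days days" >&2
    return 4
  fi

  # Same details the dashboard shows after upload: signer and expiration.
  openssl x509 -in "$cert_file" -noout -subject -issuer -enddate
}

# Usage: ./check_mtls_pair.sh client.crt client.key [min_days]
if [ "$#" -ge 2 ]; then
  check_mtls_pair "$@"
fi
```

Run it on the machine that holds the key, so the private key is not copied anywhere else before it is uploaded.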

Outbound Certificates are not tied to a specific Outbound Route; instead, they are tied to their access credentials. Thus, in order to use the certificate, the request must be authenticated with the relevant credentials (in the format USERNAME:PASSWORD@VAULT_ID.ENV.verygoodproxy.com). This allows flexibility in using the certificate with any Outbound Route.

Deleting a TLS Certificate

To remove a mutual TLS certificate:

  • Go to the Vault Settings section on the dashboard

  • Choose the certificate and click the x icon on the right

  • You will be prompted for confirmation of deletion

  • If you agree, click the Remove Certificate button

Note that once a certificate is removed, it will no longer be used for TLS connections with the third party.
