This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

HTTPS endpoint with certificate getting failed

Posted 2 weeks ago
padmanabhamv
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM
<HTTPTargetConnection>
  <Properties/>
  <SSLInfo>
    <Enabled>true</Enabled>
    <IgnoreValidationError>true</IgnoreValidationError>
    <KeyStore>ref://sap-nonprod-dev</KeyStore>
    <TrustStore>ref://sap-nonprod-dev</TrustStore>
  </SSLInfo>
</HTTPTargetConnection>
 
 
imported SAP cert in the keystore.
 
while deploying getting error below.
 
required reference "organizations/svc-apigee-dev-05/environments/dev/references/sap-nonprod-dev" does not exist
 
how do i reference the cert for the given endpoint?
2 1 101
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

In Apigee there are multiple levels of reference for TLS keys and certs.

You can cite keystores and TrustStores directly, by name:

 

   ...
    <KeyStore>my-keystore</KeyStore>
    <TrustStore>my-truststore</TrustStore>
   ...

 

Or you can use a separate construct, which is a REFERENCE to a keystore or trruststore, this way:

 

   ...
    <KeyStore>ref://my-keystore-reference</KeyStore>
    <TrustStore>ref://my-truststore-reference</TrustStore>
   ...

 

See documentation on references here: https://docs.apigee.com/api-platform/system-administration/working-references

You said

imported SAP cert in the keystore.

But your configuration shows that you are using a reference, and you didn't mention configuring the keystore reference. So I think you missed a step. Or maybe you don't need or want to use references.  In which case, eliminate the ref:// prefixes in your configuration.

One other thing :

probably your keystore and truststore should not be the same. That's not good TLS hygiene. Please check that. In general it's not a good idea to store private keys in the same place as you store trusted certificates.

 

Good luck