Inconsistent behavior on configured 2-way SSL between client and Apigee Edge

Hello,

We're currently implementing two-way SSL between clients and Apigee Edge. Here's our setup:

  • We've set up a dedicated virtual host with its own domain, which is linked to a single truststore containing all client certificates.
  • At the proxy level, we've implemented a JavaScript policy to validate whether the correct certificate for the specific proxy is being passed.
  • For testing purposes, we've created two proxies: Proxy 1 requires Client Certificate 1, while Proxy 2 requires Client Certificate 2.

We're using Postman to test various scenarios, such as passing correct/incorrect certificates to the proxies. In most cases, we're receiving the expected results.

However, we've encountered inconsistent behavior and responses. There are instances when we are receiving the following error from Postman, even when we're passing the correct certificate. We've confirmed that Postman includes the certificate in the request.

<html>

<head>
    <title>400 No required SSL certificate was sent</title>
</head>

<body>
    <center>
        <h1>400 Bad Request</h1>
    </center>
    <center>No required SSL certificate was sent</center>
    <hr>
    <center>server</center>
</body>

</html>

We're investigating this issue further and would appreciate any insights or assistance about this intermittent behavior. 

Thank you.

3 REPLIES

Hi @mmagtalas 

Verify Certificate Configuration: Ensure that the correct certificate configurations are in place on the client and server sides. Verify that the certificates are signed by a reliable CA, are valid, and have not expired. Additionally, confirm that each Postman request is using the correct client certificate.

Verify Proxy Configuration: Make sure your Apigee Edge proxies are configured appropriately to require client certificates. Here, Client Certificate 1 is required for Proxy 1, and Client Certificate 2 is required for Proxy 2. For certificate validation, check the JavaScript policy that has been put in place at the proxy level.

Logging and Debugging: To obtain further information regarding SSL handshake faults and other problems, enable high-level logging on Apigee Edge. It could be useful to identify the source of the sporadic errors.

Revocation of Certifications & Expiry: Verify that none of the client certificates have expired and that there are no certificate revocation checks. Failures in the SSL handshake might be caused by revoked or expired certificates.

Considerations for Load Balancing: To guarantee SSL session continuity, make sure that session persistence is properly configured if load balancing is being used. By doing this, SSL handshake errors caused by client and server session mismatches are avoided.

Ayushman Pandey

Hi. Thanks for the response. We have already gone through these steps to ensure that we have configured the setup from the virtual host and proxy level properly, but we're still kind of stuck on finding out the possible cause of this intermittent "400 No required SSL certificate was sent" error.

Hi, @dchiesa1

May we ask your thoughts regarding this? 

Thanks!
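
The per-proxy certificate check described in the question, written so it can be unit-tested outside Edge; this is an added example, not the poster's policy or Apigee's own code. It assumes the virtual host propagates client TLS information so that `tls.client.cert.fingerprint` and `tls.client.s.dn` are populated; the pinned values and the `clientcert.*` variable names are constructed for illustration.

```javascript
// Added example (not the poster's policy): per-proxy client-certificate pinning
// for an Apigee Edge JavaScript policy. ES5 syntax to suit the Rhino runtime.
// Assumption: the virtual host propagates client TLS details into tls.client.* variables.

// Constructed sample pin for "Proxy 1"; replace with the real certificate's values.
var EXPECTED = {
  fingerprint: 'AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD',
  subjectCn: 'client1.example.com'
};

// Strip separators and case so "AA:BB" and "aabb" compare equal.
function normalizeFingerprint(fp) {
  return String(fp || '').replace(/[^0-9a-fA-F]/g, '').toLowerCase();
}

// Pull CN out of a DN in either "CN=x,O=y" or "/O=y/CN=x" form.
function extractCn(dn) {
  var m = /(?:^|[,\/])\s*CN=([^,\/]+)/i.exec(String(dn || ''));
  return m ? m[1].trim() : null;
}

// getVar is any function(name) -> value, so the check can be tested with a stub.
function checkClientCert(getVar, expected) {
  var seen = normalizeFingerprint(getVar('tls.client.cert.fingerprint'));
  if (!seen) {
    // Fail closed: no certificate details reached the proxy flow.
    return { ok: false, reason: 'no_client_cert_info' };
  }
  if (seen !== normalizeFingerprint(expected.fingerprint)) {
    return { ok: false, reason: 'fingerprint_mismatch' };
  }
  if (extractCn(getVar('tls.client.s.dn')) !== expected.subjectCn) {
    return { ok: false, reason: 'subject_mismatch' };
  }
  return { ok: true, reason: 'ok' };
}

// Inside Edge, `context` exists; record the verdict in flow variables
// (hypothetical names) for a later RaiseFault condition and for trace output.
if (typeof context !== 'undefined') {
  var verdict = checkClientCert(function (n) { return context.getVariable(n); }, EXPECTED);
  context.setVariable('clientcert.ok', verdict.ok);
  context.setVariable('clientcert.reason', verdict.reason);
}
```

Recording a distinct reason for each failure lets a trace session separate rejections made by this policy from errors returned before the proxy flow runs.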