Apigee X (cloud Evaluation) - Proxy not able to pick up KeyStore Alias name

Hello all,

I'm using an evaluation Apigee X from GCP and I'm facing the following error when trying to deploy my proxy using the Apigee X UI. The target endpoint requires mTLS:

"required reference "organizations/ORGNAME/environments/eval/references/RefTesteKey" to keystore "organizations/vli-integrarodo-dev/environments/eval/keystores/KeyStoreMTLS" is missing required key_cert aliases [myKeyAlias]"

Just for testing purposes, I've also tried to use the keystore name as an alternative (not the reference), but Apigee is still not identifying my key alias. Please find below the SSL config that I'm trying to configure:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
    <PreFlow name="PreFlow">
        <Request/>
        <Response/>
    </PreFlow>
    <Flows/>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <HTTPTargetConnection>
        <URL>https://mytargetendpoint/v1/products</URL>
        <SSLInfo>
            <Enabled>true</Enabled>
            <ClientAuthEnabled>true</ClientAuthEnabled>
            <KeyStore>ref://RefTesteKey</KeyStore>
            <KeyAlias>myKeyAlias</KeyAlias>
            <IgnoreValidationErrors>false</IgnoreValidationErrors>
        </SSLInfo>
    </HTTPTargetConnection>
</TargetEndpoint>

Also, I've double-checked the key alias by calling apigee googleapis (cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.keystores/get) and the result is as per below:

[Screenshot attachment: fcasteluber_0-1643137413945.png]

Could you please kindly advise if I am missing any step or configuration?

Kind Regards

 

ACCEPTED SOLUTION

Thanks for raising this. I believe the error message you're getting is misleading.

I think you may need to create a new alias, and ensure you're specifying both a certificate and key.

It seems that if you do not specify the key, which is required, then when you attempt to use that alias in your proxy, it provides a misleading error message.


Thank you very much dknezic! For sure, the error message was misleading. After changing the certificate type I was able to deploy.
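
A pre-deployment check for the condition behind this error, as an added example that is not part of the original thread: when SSLInfo has ClientAuthEnabled set to true, the alias it names must hold a private key as well as a certificate. The reference and keystore inventory below is constructed sample data, the alias name myMtlsAlias is hypothetical, and the alias type values CERT and KEY_CERT are assumed to match the `type` field of the Apigee alias resource.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SSLInfo block shaped like the one in the question.
TARGET_XML = """<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <URL>https://mytargetendpoint/v1/products</URL>
    <SSLInfo>
      <Enabled>true</Enabled>
      <ClientAuthEnabled>true</ClientAuthEnabled>
      <KeyStore>ref://RefTesteKey</KeyStore>
      <KeyAlias>myKeyAlias</KeyAlias>
    </SSLInfo>
  </HTTPTargetConnection>
</TargetEndpoint>"""

# Constructed inventory: reference -> keystore, keystore -> {alias: type}.
REFERENCES = {"RefTesteKey": "KeyStoreMTLS"}
KEYSTORES = {"KeyStoreMTLS": {"myKeyAlias": "CERT", "myMtlsAlias": "KEY_CERT"}}


def check_mtls_alias(target_xml, references, keystores):
    """Return a list of problems that would block deployment of an mTLS target."""
    ssl = ET.fromstring(target_xml).find("./HTTPTargetConnection/SSLInfo")
    if ssl is None or (ssl.findtext("ClientAuthEnabled") or "").strip().lower() != "true":
        return []  # no client certificate requested, nothing to check
    store = (ssl.findtext("KeyStore") or "").strip()
    alias = (ssl.findtext("KeyAlias") or "").strip()
    if not store or not alias:
        return ["ClientAuthEnabled is true but KeyStore or KeyAlias is missing"]
    if store.startswith("ref://"):  # resolve the reference to a keystore name
        ref = store[len("ref://"):]
        if ref not in references:
            return [f"reference {ref!r} does not exist"]
        store = references[ref]
    aliases = keystores.get(store)
    if aliases is None:
        return [f"keystore {store!r} does not exist"]
    if alias not in aliases:
        return [f"alias {alias!r} not found in keystore {store!r}"]
    if aliases[alias] != "KEY_CERT":
        return [f"alias {alias!r} is type {aliases[alias]}: it holds a certificate "
                "but no private key, so it cannot be used for client authentication"]
    return []


if __name__ == "__main__":
    for problem in check_mtls_alias(TARGET_XML, REFERENCES, KEYSTORES):
        print("FAIL:", problem)
```
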

Hi, we are facing a similar issue. We have a CA-signed cert for our Kafka application, which is the target for Apigee. We are trying to create a Keystore and Keyalias and upload the CA-signed cert; however, we are getting an error like the one below:
generic::failed_precondition:required reference is missing required key cert aliases.

Can you please post this as a new question and include details on how you're trying to create it, as it sounds like you're creating a reference, not a key store.