This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Can the FQDN of the target endpoint for a proxy contain underscore?

Posted on 08-11-2023 10:40 AM
IanCosta
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi All,

We have a requirement where we need to expose a proxy on Apigee. This proxy has to connect to a backend however the backend exposes their API using a FQDN which contains an underscore such as https://hello_apigee.com/test

Could you please let me know whether Apigee can support such FQDNs i.e. FQDN with underscore.

Regards,

Ian

Solved Solved
2 2 167
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Hmm I've never tried that.  So I don't know.  It should be easy to try it.  Do you have an example endpoint? It's possible that the underlying platform libraries that Apigee uses, will reject a DNS name containing an underscore. 

Regardless whether it "works" or not, it seems like going against the grain, eh? a few years ago, the CA/Browser Forum adopted a measure that bans the use of underscores in DNS Names. 

underscore-not-supported-in-certs.png

You used the https scheme in your example URL, and also asked another question, which referenced mTLS. From those clues,  I suppose you will want to use TLS to connect to this remote endpoint. But I guess you won't have a publicly-trusted CA issuing the cert for your upstream that uses an underscore in the name.  If it's a self-signed cert, or if you're using a private CA, I suppose there will be no problem, as long as the hostname resolution works, and the names on the cert match (underscore or not).  Or if you are using a wildcard cert (*.example.com) for a domain like (my_domain.example.com), that would probably work. 

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Hmm I've never tried that.  So I don't know.  It should be easy to try it.  Do you have an example endpoint? It's possible that the underlying platform libraries that Apigee uses, will reject a DNS name containing an underscore. 

Regardless whether it "works" or not, it seems like going against the grain, eh? a few years ago, the CA/Browser Forum adopted a measure that bans the use of underscores in DNS Names. 

underscore-not-supported-in-certs.png

You used the https scheme in your example URL, and also asked another question, which referenced mTLS. From those clues,  I suppose you will want to use TLS to connect to this remote endpoint. But I guess you won't have a publicly-trusted CA issuing the cert for your upstream that uses an underscore in the name.  If it's a self-signed cert, or if you're using a private CA, I suppose there will be no problem, as long as the hostname resolution works, and the names on the cert match (underscore or not).  Or if you are using a wildcard cert (*.example.com) for a domain like (my_domain.example.com), that would probably work. 

Jump to Solution

Posted on --/--/---- --:-- AM
IanCosta
Bronze 2
Bronze 2
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Hi,

Thank you for the response. It is indeed not as per the norm and thus the confusion whether this would be supported within Apigee or not. I will give it a try and check based on the endpoint and certificate.

Additionally, this question is not related to my other question regarding mTLS as they are separate use cases. 

Regards,

Iam

Jump to Solution
0 Likes
Top Solution Authors
View all