We are getting below exception even after adding HTTPTargetConnection to disable client ssl authentication like below
<HTTPTargetConnection> <SSLInfo> <Ciphers/> <ClientAuthEnabled>false</ClientAuthEnabled> <Enabled>true</Enabled> <KeyStore/> <KeyAlias/> <TrustStore/> <IgnoreValidationErrors>true</IgnoreValidationErrors> </SSLInfo> .... .... </HTTPTargetConnection>
1) ERROR SSL_COMPLIANCE - SSLComplianceTest.getSSLKeyAppender() : Exception occurred while fetching cache key with SSL details for Keystore : , Alias : Truststore :
2)ERROR SSL_COMPLIANCE - SSLComplianceTest$Context.handshakeFailed() : STATIC-TARGET[/organizations/xxxx], SSLDetails[enabled:true, clientAuthEnabled:false, keyStore:, keyAlias:, trustStore:, crlStorenull, commonName:null, useWildCardMatch: false,ciphers: [], protocols: [], ignoreValidations: true] General SSLEngine problem Caused by: General SSLEngine problem Caused by: No subject alternative names present
Any suggestions will be appreciated.
Solved! Go to Solution.
Maybe it is because you are including unused, empty elements in the configuration? Can you try a simpler configuration:
<SSLInfo> <Enabled>true</Enabled> <CommonName>foo.example.com</CommonName> </SSLInfo>
If you want to not use the default truststore, then
<SSLInfo> <Enabled>true</Enabled> <TrustStore>mytruststore</TrustStore> <CommonName>foo.example.com</CommonName> </SSLInfo>
Maybe it is because you are including unused, empty elements in the configuration? Can you try a simpler configuration:
<SSLInfo> <Enabled>true</Enabled> <CommonName>foo.example.com</CommonName> </SSLInfo>
If you want to not use the default truststore, then
<SSLInfo> <Enabled>true</Enabled> <TrustStore>mytruststore</TrustStore> <CommonName>foo.example.com</CommonName> </SSLInfo>
for only simple https
<SSLInfo> <Enabled>true</Enabled> </SSLInfo>
for mtls
<SSLInfo> <ClientAuthEnabled>true</ClientAut<KeyStore>hEnabled> <Enabled>true</Enabled> <KeyStore>ref://keystore_ref</KeyStore> <KeyAlias>keyalias_name<KeyAlias> <TrustStore>ref://truststore_ref</TrustStore> <IgnoreValidationErrors>true</IgnoreValidationErrors> </SSLInfo>
you can do target server configuration, that makes easy and decoupled proxy code and target configuration.