Hi all
I am currently having problems connecting to an https service via my microgateway instance (running Node v4.6.0). The SSL certificates used by the service are issued by our internal CA.
Whenever a request is made, the Microgateway responds with the following:
{"message":"unable to get local issuer certificate","code":"UNABLE_TO_GET_ISSUER_CERT_LOCALLY"}
I've added the certs for our internal CA to the server running the microgateway and a curl happily accesses the service directly.
I've also tried directly pointing Node to the certificates using the following but the outcome remains the same.
npm config set cafile /etc/ssl/certs/ca-certificates.crt
Any suggestions?
Thanks
David
Did you set up the config.yaml file as described here? http://docs.apigee.com/microgateway/latest/edge-microgateway-operations#usingclientssltlsoptions
Somehow I missed that! I will have a go and let you know my progress.
I had to park this for a while. Now I am back, this time using version 2.3.1 of the microgateway, and the problems are the same. The microgateway happily talks to services signed by public CAs; however, services signed by our internal CAs still do not work.
According to the documentation http://docs.apigee.com/microgateway/latest/operation-and-configuration-reference-edge-microgateway#c... , specifying the ca option in the client block should have resolved this.
Thoughts?
What error do you get @David Silcott?
@Srinandan Sridhar I get the following response when I run curl -i using a valid bearer token. If the proxy is configured to point to a service signed by a public CA it goes through with no issue.
HTTP/1.1 502 Bad Gateway
Date: Thu, 05 Jan 2017 15:58:17 GMT
Connection: keep-alive
Content-Length: 95

{"message":"unable to get local issuer certificate","code":"UNABLE_TO_GET_ISSUER_CERT_LOCALLY"}
A temporary solution is to set
rejectUnauthorized:false
in the configuration file while we investigate the problem. Are you still setting the "npm config"? Also, what platform are you trying on?
Hi @Srinandan Sridhar, my targets block is as below:
targets:
  host: 'internal.service.mycompany.com'
  ssl:
    client:
      key: /certs/client.key
      cert: /certs/client.crt
      ca: /certs/ca-certificates.crt
      rejectUnauthorized: false
No, I am no longer setting "npm config"
I am currently running the microgateway in a Docker container built from a Dockerfile based on https://github.com/kevinswiber/apigee-edgemicro-docker/blob/master/Dockerfile
FROM mhart/alpine-node:6.9.2
RUN apk --update add openssl ca-certificates && \
    rm -rf /var/cache/apk/* /tmp/*
COPY ./internal-certs/ /usr/local/share/ca-certificates/
COPY ./apigee-edgemicro/configure.sh /usr/bin/local/configure.sh
RUN chmod +x /usr/bin/local/configure.sh && update-ca-certificates
RUN npm install -g edgemicro@2.3.1
EXPOSE 8000
CMD ["edgemicro", "start"]
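Added example, not part of the thread or of the Edge Microgateway project: UNABLE_TO_GET_ISSUER_CERT_LOCALLY is Node's name for OpenSSL verification error 20 ("unable to get local issuer certificate"), so the script below reproduces it offline and shows the check that tells whether a bundle such as the one named in `ca:` actually contains the issuer of the target's certificate. It assumes the openssl command-line tool is installed; every key, certificate, file name and function name in it is constructed for the illustration.

```shell
#!/bin/sh
# Constructed example: all keys, certificates and names are generated on the spot.

# new_ca DIR NAME: self-signed CA certificate DIR/NAME.pem with key DIR/NAME.key
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# new_leaf DIR CA: server certificate DIR/leaf.pem issued by DIR/CA.pem
new_leaf() {
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=internal.service.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/leaf.csr" \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/leaf.pem" 2>/dev/null
}

# check_chain BUNDLE CERT: print OpenSSL's verdict on whether CERT chains to a
# CA in BUNDLE; the exit status is non-zero when it does not.
check_chain() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    new_ca "$dir" internal-ca && new_ca "$dir" other-ca &&
        new_leaf "$dir" internal-ca || return 1

    echo "Bundle that lacks the issuing CA (expect error 20):"
    check_chain "$dir/other-ca.pem" "$dir/leaf.pem" || true

    echo "Bundle that contains the issuing CA (expect OK):"
    check_chain "$dir/internal-ca.pem" "$dir/leaf.pem" || true

    rm -rf "$dir"
}

demo
```

Running check_chain with the real CA bundle and a saved copy of the service's certificate answers the same question for a deployment without turning verification off.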