I'm not being able to invoke HTTPS cloud endpoints, for example https://apps.continente.pt/darock/?wsdl.
I already created my server with SSLInfo like below
<SSLInfo> <ClientAuthEnabled>false</ClientAuthEnabled> <Enabled>true</Enabled> <IgnoreValidationErrors>false</IgnoreValidationErrors> </SSLInfo>
and also like
<SSLInfo> <ClientAuthEnabled>false</ClientAuthEnabled> <Enabled>true</Enabled> <IgnoreValidationErrors>false</IgnoreValidationErrors> <TrustStore>truststore</TrustStore> </SSLInfo>
In my truststore I imported the certificate chain in several ways:
Nothing seems to work.
I'm getting somewhat desperate.
Can anyone help me?
Best regards,
Ernesto.
You don't need a truststore configured as the cloud endpoints appear to have CA signed certificates. This to me appears to be a targetserver configuration issue. Can you ensure that targetserver config looks like the one below:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <TargetServer name="Target_Server"> <IsEnabled>true</IsEnabled> <Host>secure.host.com</Host> <Port>443</Port> <SSLInfo> <Ciphers/> <ClientAuthEnabled>false</ClientAuthEnabled> <Enabled>true</Enabled> <IgnoreValidationErrors>false</IgnoreValidationErrors> <Protocols/> </SSLInfo> </TargetServer>
Thank you for your reply.
Still, after recreating the server as you specified, only changing the host to apps.continente.pt, and redeploying the proxy (just to make sure it was up-to-date), I'm still receiving the error below:
{ "Envelope": { "encodingStyle": "http://schemas.xmlsoap.org/soap/encoding/", "Body": { "Fault": { "faultcode": "soap:Server", "faultstring": "The Service is temporarily unavailable", "faultactor": {}, "detail": { "source": { "errorcode": "messaging.adaptors.http.flow.NoActiveTargets" } } } } } }
Any thoughts?
I forgot to mention I'm using cloud version of Edge so logs are limited to trace...
The issue here is that your backend is SNI enabled but the Apigee message processors have not been configured to support the same. Hence the backend is returning a handshake_failure. The following call confirms that your backend is configured with SNI:
openssl s_client -servername apps.continente.pt -tlsextdebug -connect apps.continente.pt:443 2>/dev/null | grep "server name"
TLS server extension "server name" (id=0), len=0
I will log a ticket and reach out to you to take this forward.
Thank you.
Please let me know so I can pursue this.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |