This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Need assistance on accessing a Self-signed Server

Posted on 12-22-2015 09:25 PM
Not applicable
Reply posted on --/--/---- --:-- AM

I would like to kindly ask for assistance, as we are try to access a self-signed server on Apigee (on premise), we get the ff. response:

1706-image.png

Edit:

However it works on a Personal Apigee and also when accessing the HTTPS URL directly in browser.

Best Regards,

Alvin Cris Tabontabon

Solved Solved
0 11 273
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Problem Solved! I set the Protocol in the SSLInfo and it works!

Thank you sir @sarthak for your help!

        <SSLInfo>
            <Enabled>true</Enabled>
            <TrustStore>myTrustStore</TrustStore>
          	<Protocols>
                <Protocol>TLSv1</Protocol>
            </Protocols>
        </SSLInfo>

View solution in original post

Jump to Solution
11 REPLIES 11

Posted on --/--/---- --:-- AM
sarthak
New Member
Reply posted on --/--/---- --:-- AM

I don't think the service having a self service certificate is the issue.

It is saying the remote server closed the connection. Maybe the service is slow?

Can you try to call the service configured as a target endpoint and not as a service callout. When you run Trace you might get some clues about what might be going on.

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
In response to sarthak
Reply posted on --/--/---- --:-- AM

Hello sarthak,

Thanks for the reply. Please see my updated question. Thanks in advance!

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sarthak
New Member
In response to
Reply posted on --/--/---- --:-- AM

So by personal Apigee you mean Apigee cloud? And it is working fine from there? And is not working when you calling the service from your on-prem Apigee installation?

Is there any sort of firewall/network segmentation for which the Apigee instance is not able to reach the backend.

I can think of a few things to do to try to debug:

1. As I mentioned earlier try to use the backend URL as a target and then run trace and see what is captured there.

2. ssh into the Apigee instance (where you have your MPs) and try to curl the APIs and see the response.

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
In response to sarthak
Reply posted on --/--/---- --:-- AM

Hi sarthak,

Thank you very much for your response, I tried your workaround (#1) and I'm getting this response (please see the screenshot below)

1784-selection-195.png

Do you have any thoughts on this?

Edit:

Here's the code snippet of my target endpoint

<TargetEndpoint name="MyEndPoint">
    <Description/>
    <FaultRules/>
    <Flows/>
    <HTTPTargetConnection>
        <SSLInfo>
            <Enabled>true</Enabled>
            <TrustStore>myTrustStore</TrustStore>
        </SSLInfo>
        <URL>https://someSecuredUrl/</URL>
    </HTTPTargetConnection>
    <PreFlow name="PreFlow">
        <Request/>
        <Response/>
    </PreFlow>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</TargetEndpoint>

Thanks in advance!

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sarthak
New Member
Reply posted on --/--/---- --:-- AM

Can you please upload the trace output? You can download it as XML and upload here?

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
In response to sarthak
Reply posted on --/--/---- --:-- AM

Hi Sir, Please see the attached file. Thank you.

debug-data-7xml.tar.gz

debug-data-7xml.tar.gz
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to sarthak
Reply posted on --/--/---- --:-- AM

Is it a firewall issue?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sarthak
New Member
In response to
Reply posted on --/--/---- --:-- AM

Not sure. I am more leaning towards a cert issue.

The connection to the backend is not even getting established for some reason. Thats pretty much sure from the Trace. But that can happen for a firewall issue or might be for certificate issues.

See if this thread gives you any clue: https://community.apigee.com/questions/9237/apigee-proxie-with-amazon-gateway-api-503-service.html.

If this does not help then I would suggest you to open up either a support ticket or work with any other technical contact whom you may have inside Apigee. I think it would need to get on a screen shared call and debug it together.

Sorry could not be of more help.

Jump to Solution

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Problem Solved! I set the Protocol in the SSLInfo and it works!

Thank you sir @sarthak for your help!

        <SSLInfo>
            <Enabled>true</Enabled>
            <TrustStore>myTrustStore</TrustStore>
          	<Protocols>
                <Protocol>TLSv1</Protocol>
            </Protocols>
        </SSLInfo>
Jump to Solution

Posted on --/--/---- --:-- AM
anilsr
Staff
In response to
Reply posted on --/--/---- --:-- AM

Awesome @Alvin Cris Tabontabon , Thank you for sharing the solution with community. I am sure it will be helpful for others. Thank you @sarthak for helping.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sgilson
New Member
In response to anilsr
Reply posted on --/--/---- --:-- AM

@Anil Sagar I htought <Protocols> was optional. From the doc:

"If no protocols are specified, then all protocols available for the JVM will be permitted."

Was there a reason it was required in this case?

Stephen

Jump to Solution
0 Likes
Top Solution Authors
View all