Trying to configure 2-way SSL on Private Cloud
1. Uploaded the client public cert to the trust store
2. Configured the secure virtual host for the API proxy
When I use curl to test the API proxy, I get the following error:
```
* Trying x.x.140.120...
* Connected to api.mydomain.com (x.x.140.120) port 443 (#0)
* TLSv1.0, TLS handshake, Client hello (1):
* TLSv1.0, TLS handshake, Server hello (2):
* TLSv1.0, TLS handshake, CERT (11):
* TLSv1.0, TLS handshake, Server key exchange (12):
* TLSv1.0, TLS handshake, Request CERT (13):
* TLSv1.0, TLS handshake, Server finished (14):
* TLSv1.0, TLS handshake, CERT (11):
* TLSv1.0, TLS handshake, Client key exchange (16):
* TLSv1.0, TLS change cipher, Client hello (1):
* TLSv1.0, TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to api.mydomain.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to api.mydomain.com:443
```
I appreciate any suggestions. What am I missing?
I am trying to do 2-way SSL between my client --------> Edge
Hi @rcgade,
A few questions:
Would you please post the VirtualHost configuration?
What version of cURL and OpenSSL are you using on your client?
Are you using cURL's built-in --cert and --key arguments to provide the Client-SSL cert and key to Edge?
If you are using Edge Cloud, we can get more specific (org name, host alias, cert details, etc) via a Support case, then we can post the solution after the fact with the specific details removed.
Please let us know. Thanks!
I don't have the virtual host config with me. We already have an API proxy working on the same secure virtual host, and it's working.
We have added the new client public key into the same virtual host trust store.
The cURL version:
```
curl 7.30.0 (i386-pc-win32) libcurl/7.30.0 OpenSSL/0.9.8{ zlib/1.2.7
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
```
I am using CURL's built-in --cert and --key arguments to provide the Client-SSL
We have on premise hosted Apigee. Thanks for your help.
Virtual Host Config
External VIP : api.mydomain.com
Port : 443
Virtual Host : Secure
Port : 9002
Key alias : api _staging_MYDOMAIN_com
I tried calling the same api using the openssl s_client and following is the result:
```
c:\openssl>openssl s_client -connect api.mydomain.com:443 -CAfile "C:\cert\CaBundle.pem" -key "C:\cert\client.key" -pass "pass:password" -cert "C:\cert\client.pem" -tls1
Loading 'screen' into random state - done
CONNECTED(00000554)
depth=3 /C=IE/O=XXXX/OU=CyberTrust/CN=XXXX CyberTrust Root
verify return:1
depth=2 /C=US/O=XXXXX/OU=Information Security/CN= XXXX
verify return:1
depth=1 /C=US/ST=XX/L=XXX/O=XXXX/OU=Information Security/CN=xxxxxx.com
verify return:1
depth=0 /C=US/ST=XX/L=XXXXX/O=xxxxxx/OU=xx/CN=xxxxx.com
verify return:1
4548:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.\ssl\s3_pkt.c:539:
```
Please let me know if you need any more information.
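
Added example, not part of the original thread: a small parser for the `curl -v` handshake trace posted in the question that reports whether the server requested a client certificate and at which point the connection broke. `summarize` and `failure_stage` are illustrative names, and the ordering logic assumes a full (non-resumed) TLS handshake; it locates the failure but does not identify its cause.

```python
import re

# curl -v trace from the question, one record per line (hostname as posted).
TRACE = """\
* TLSv1.0, TLS handshake, Client hello (1):
* TLSv1.0, TLS handshake, Server hello (2):
* TLSv1.0, TLS handshake, CERT (11):
* TLSv1.0, TLS handshake, Server key exchange (12):
* TLSv1.0, TLS handshake, Request CERT (13):
* TLSv1.0, TLS handshake, Server finished (14):
* TLSv1.0, TLS handshake, CERT (11):
* TLSv1.0, TLS handshake, Client key exchange (16):
* TLSv1.0, TLS change cipher, Client hello (1):
* TLSv1.0, TLS handshake, Finished (20):
curl: (35) Unknown SSL protocol error in connection to api.mydomain.com:443
"""

REC = re.compile(r"\* TLSv[\d.]+, TLS (handshake|change cipher), [^(]+\((\d+)\):")

def summarize(trace):
    """Walk the records in order; assumes a full (non-resumed) handshake."""
    s = {"cert_requested": False, "client_cert_msg": False,
         "client_finished": False, "server_finished": False}
    hello_done = False
    for kind, num in REC.findall(trace):
        num = int(num)
        if kind == "change cipher":
            continue  # ChangeCipherSpec record; this curl labels it "Client hello (1)"
        if num == 13:      # CertificateRequest: server wants a client certificate
            s["cert_requested"] = True
        elif num == 14:    # ServerHelloDone (curl prints "Server finished")
            hello_done = True
        elif num == 11 and hello_done:
            s["client_cert_msg"] = True  # client Certificate; its list may be empty
        elif num == 20:    # first Finished is the client's, second the server's
            key = "server_finished" if s["client_finished"] else "client_finished"
            s[key] = True
    err = re.search(r"^curl: \((\d+)\)", trace, re.M)
    s["curl_error"] = int(err.group(1)) if err else None
    return s

def failure_stage(s):
    if s["curl_error"] is None:
        return "no curl error"
    if s["server_finished"]:
        return "after the handshake completed"
    if s["client_finished"]:
        return "after client Finished, before server Finished"
    return "before client Finished"
```

For the posted trace, `failure_stage(summarize(TRACE))` reports that the connection broke after the client's Finished and before any server Finished, with a client certificate having been requested.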