Error: SELF_SIGNED_CERT_IN_CHAIN while doing verify

When trying to verify my setup I got the following error(s)

EC_C02MW0YUFD58:~ tkmac3i$ edgemicro verify -o kohls-dev -e dev -k *********** -s *******

ℹ edge micro agent listening on 9000

warning: jwt_public_key download from https://kohls-dev-dev.apigee.net/edgemicro-auth/publicKey returned { [Error: self signed certificate in certificate chain] code: 'SELF_SIGNED_CERT_IN_CHAIN' }

warning: error downloading config, please check bootstrap configuration { [Error: self signed certificate in certificate chain] code: 'SELF_SIGNED_CERT_IN_CHAIN' }

warning: no edge micro proxies found in org

warning: no products found in org

warning: failed to download jwt_public_key

saved config does not exist /var/tmp/edgemicro-config-kohls-dev-dev.yaml

fatal: cached config not available, unable to continue


Hmm, when I do

curl -X GET https://kohls-dev-dev.apigee.net/edgemicro-auth/publicKey

I get similar errors. There could be a flag we can set to ignore this, but I doubt that's the solution you want. Better would be to fix the SSL cert itself. How is the SSL cert in your org configured? Here is the output from my curl command:

curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
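
The failure discussed in this thread can be reproduced offline, as an added example that is not part of the original posts or of Edge Microgateway. The script builds a constructed private root CA and leaf certificate with the openssl CLI, then verifies the leaf twice: once with the root only presented alongside it (X.509 error 19, self signed certificate in certificate chain) and once with the root supplied as a trust anchor, which is the fix that keeps verification on. The certificate subjects and function names are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example; certificate subjects and function names are constructed.

make_chain() {  # $1 = scratch directory
  local d="$1"
  # Self-signed private root, standing in for an internal or proxy CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Corp Root" \
    -keyout "$d/root.key" -out "$d/root.pem" >/dev/null 2>&1
  # Server (leaf) certificate issued by that root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" >/dev/null 2>&1
}

verify_code() {  # args go to `openssl verify`; echoes the error number, 0 if OK
  local out code
  out=$(openssl verify "$@" 2>&1) || true   # a failure is expected in case 1
  code=$(printf '%s\n' "$out" \
    | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
  else echo unknown
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_chain "$d"
  # Case 1: the root arrives with the chain but is not in the trust store.
  echo "untrusted=$(verify_code -untrusted "$d/root.pem" "$d/leaf.pem")"
  # Case 2: the same root is configured as a trust anchor.
  echo "trusted=$(verify_code -CAfile "$d/root.pem" "$d/leaf.pem")"
  rm -rf "$d"
}

demo
```

The `--cacert` option named in the curl output above takes the same kind of PEM file as `-CAfile` does here.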

That may be because we don't use the Apigee dns for our environment (kohls-dev-dev.apige.net). We use dev-api.kohls.com but I get a 404 error when I try to do 'curl -X GET https://dev-api.kohls.com/edgemicro-auth/publicKey'

I get an error when I hit with https https://dev-api.kohls.com/edgemicro-auth/publicKey but not when I hit with http http://dev-api.kohls.com/edgemicro-auth/publicKey. So while you sort out SSL stuff, you can make progress with Microgateway by updating ~/.edgemicro/kohls-dev-dv-config.yaml for the field jwt_public_key:

By changing the ~/.edgemicro/kohls-dev-dv-config.yaml property jwt_public_key I was able to get past that error, but I got stuck on the following:

verifying bootstrap url availability:OK

installed plugin from /Users/tkmac3i/apigee-edge-micro-1.1.2/plugins/analytics

verifying jwt_public_key availability: OK

verifying products availability: FAIL

{ pid: 51778,
  uid: 'MTQ2MjIzMDMzMjAwOQ',
  running: true,
  restarts: 0,
  since: '2016-05-02T23:05:32.017Z' }

MTQ2MjIzMDMzMjAwOQ on exit

verification finished with errors

{ [Error: self signed certificate in certificate chain] code: 'SELF_SIGNED_CERT_IN_CHAIN' }

Which version of Microgateway are you using? I recommend using the latest, 2.0.0, if you are not already doing that. You will find that it's easier to get going since there is no longer an agent. It's just one process and you can do it from one terminal.

This is using version 2.0.0

If I want to start the server, how do I do it? The 'edgemicro start' command appears to be deprecated.

EC_C02MW0YUFD58:~ tkmac3i$ edgemicro start

Usage: edgemicro [options] [command]

Commands:

  agent <action>                 agent commands, see: "edgemicro agent -h"
  cert <action>                  certificate commands, see: "edgemicro cert -h"
  token <action>                 token commands, see: "edgemicro token -h"
  private <action>               private commands, see: "edgemicro private -h"
  configure [options]            automated, one-time setup for a new edgemicro instance
  deploy-edge-service [options]  deploy edge micro support server to Apigee
  genkeys [options]              generate authentication keys
  verify [options]               verify Edge Micro configuration by testing config endpoints
  help [cmd]                     display help for [cmd]

Options:

  -h, --help  output usage information

EC_C02MW0YUFD58:~ tkmac3i$

Hi @shekhar.jain To start Edge Micro 2.0, you run the following command:

$edgemicro start -o {your_org} -e {your_env} -k *** -s ***

However the output you have above makes me think what you have is not 2.0, but Edge Micro 1.x. I have 2.0 installed and when I run the start command with no arguments I see this -

$edgemicro start

key is required

  Usage: start [options]
  start the gateway based on configuration
  Options:
    -h, --help                   output usage information
    -o, --org <org>              the organization
    -e, --env <env>              the environment
    -k, --key <key>              key for authenticating with Edge
    -s, --secret <secret>        secret for authenticating with Edge
    -c, --cluster                will cluster the server
    -p, --processes <processes>  number of processes to start, defaults to # of cores
    -d, --pluginDir <pluginDir>  absolute path to plugin directory