Fetch WSDL Error: Could not download resource. peer not authenticated.

Not applicable

HI, i´m triying to create a new proxy and i tried using the radio button WSDL and the URL

https://213.0.121.90:4443/SContratacionWS/consultasSoapHttpPort?wsdl

but i get an error and the WSDL is not loaded .

Fetch WSDL Error: Could not download resource. peer not authenticated.

But if a try this in the browser i can check the WSDL without any problem.

I´m new in apigee maybe is an easy thing but i can´t find the error.

Thanks for the help

Solved Solved
0 11 2,038
1 ACCEPTED SOLUTION

Not applicable

After talking to Alex on Apigee, he can up with a way around the issue. Since uploading a new cert to the TrustStore, that can only be apply to connection post creation of the Proxy, the trustStore isn't a solution here. But what he advise was, download the WSDL as a file. Look at the WSDL xml and figure out all the places that has <include> that reference the SSL URL. Download that include manually, merge the WSDL and all those includes, and upload the WSDL as file. It worked for me.

View solution in original post

11 REPLIES 11

Not applicable

This may possibly be a defect, but we don't know at this time. I contacted Engineering to look at it and will update when new information is available.

Not applicable

We believe this may be an issue with your certificate. Can you try fixing your certificate or use http instead?

Not applicable

Hi,

I'm having the problem. I checked the SSL certificate (issued by RapidSSL) and it seems to be correct.

Any ideas ?

Thanks

I will go back to Engineering to see if they have any ideas of things to try

Not applicable

Hello Jakub,

Are you having problem with same wsdl listed in the beginning of this thread?

Have you tried saving the wsdl locally and use that offline wsdl file to create api proxy?

I tried wget on the wsdl URL and see the certificate error, unless I explicitly mention --no-check-certificate this wouldn't work. Same case in browser too, as you were taken to that certificate check page you take appropriate action by saying you trust certificate or don't want to proceed.

Hope this helps.

See the wget response I get on the certificate error:

wget https://213.0.121.90:4443/SContratacionWS/consultasSoapHttpPort?wsdl --2014-11-14 13:44:01-- https://213.0.121.90:4443/SContratacionWS/consultasSoapHttpPort?wsdl Connecting to 213.0.121.90:4443... connected. ERROR: cannot verify 213.0.121.90's certificate, issued by '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3': Unable to locally verify the issuer's authority. ERROR: certificate common name 'sanitassrv.sanitas.es' doesn't match requested host name '213.0.121.90'. To connect to 213.0.121.90 insecurely, use `--no-check-certificate'.

Hi Srini,

I've got a different WSDL. When I save it locally and import to Apigee it works fine. It only causes a problem when I specify it as a URL and try to Fetch it. With wget and --no-check-certificate I get it received correctly. Is it possible to somehow pass --no-check-certificate to apigee wizard ?

Thanks

Thank you for confirmation about offline WSDL import. Yes you are experiencing certificate issue and in browser once you accept this is added to trusted list and no more warning.

I'll check if the WSDL library we are using offer this --no-check-certificate option and also run it by security team. Adding --no-check-certificate may not be good idea on the server side as you want to be able to validate and add trusted certificate.

Thank you,

Srini

I am having the same issue, but I am not sure how to add the "--no-check-certificate". Can you elaborate more on this @Srini Chebrolu. I have already imported my cert/key/passphase into my keystore and still doesn't work.

Hi Churk,

The reason this is failing to fetch from your URL is due to the fact that you running into certificate issue. You can see the difference when you try this with wget on your WSDL url with out any options and try wget command again with "--no-check-certificate".

Solution for this issue is come up with a trusted domain for your site where you are hosting the WSDLs or try non secure (http). Offline WSDL is also a workaround for this problem.

Thank you,

Srini

Not applicable

After talking to Alex on Apigee, he can up with a way around the issue. Since uploading a new cert to the TrustStore, that can only be apply to connection post creation of the Proxy, the trustStore isn't a solution here. But what he advise was, download the WSDL as a file. Look at the WSDL xml and figure out all the places that has <include> that reference the SSL URL. Download that include manually, merge the WSDL and all those includes, and upload the WSDL as file. It worked for me.

sarthak
Participant V

Hi I am running into the same issue.

I can take the wsdl url and create a proxy and can call the wsdl service without any issues. But if I try to load even the proxied WSDL via API proxy creation wizard WSDL option I get this error.

If I try to call the proxied WSDL in the proxy creation wizard I don't even see it going through the trace of the proxy. I do not know why will that happen.

Can anyone please help ? The solutions listed above are extremely difficult . Because a main WSDL will have hundreds of dependent WSDLs and XSDs.

I can call the wsdl in a browser of SOAPUI perfectly. The Certificate is self signed.