{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • General
    • Business of APIs
    • API Design
    • Academy/Certification
    • Analytics
    • Apigee Test - beta
    • Apigee-127
    • BaaS/Usergrid
    • Developer Portal
    • Edge/API Management
    • Events
    • Insights
    • Integration (AWS, PCF, Etc.)
    • IoT - Apigee Link
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Edge/API Management /
avatar image
2
Question by Yann · Feb 16, 2017 at 04:34 PM · 476 Views api proxyapigeesslaws

Cannot proxify an AWS API Gateway endpoint

I try to create an apigee proxy to an AWS API Gateway endpoint and I alway receive a 503 response :

error The Service is temporarily unavailable
type ErrorPoint
state TARGET_REQ_FLOW
error.class com.apigee.errors.http.server.ServiceUnavailableException
error.cause Received fatal alert: handshake_failure
Identifier fault
<HTTPTargetConnection>
    <URL>https://XXXXXXXX.execute-api.eu-west-1.amazonaws.com</URL>
    <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <IgnoreValidationErrors>false</IgnoreValidationErrors>
        <TrustStore>myTruststore</TrustStore>
        <!--
        <Protocols>
            <Protocol>TLSv1.2</Protocol>
        </Protocols>
        -->
    </SSLInfo>
</HTTPTargetConnection>

Of course I can successfully curl the AWS API Gateway endpoint in a terminal. Why apigee can't ?

Any help ?

Thanks.

Comment
Add comment Show 2
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image DinoChiesa-at-Google ♦ · Feb 16, 2017 at 09:51 PM 0
Link

but why are you using Apigee Edge to act as a proxy in front of another API Gateway?

avatar image Yann DinoChiesa-at-Google ♦ · Feb 17, 2017 at 08:15 AM 1
Link

API Gateway is a temporary solution we use until we migrate our services on a new platform.

Close

2 Answers

· Add your answer
  • Sort: 
avatar image
1
Best Answer

Answer by DinoChiesa-at-Google · Feb 16, 2017 at 09:50 PM

I suspect the problem is SNI.

Not all Apigee Edge organizations are set up to perform SNI outbound correctly.

Your AWS endpoint uses SNI, but Apigee Edge isn't doing the right thing.

What kind of organization is it? Paid or Trial?

If Trial, can you please set up a new trial organization (with a new email) and try it THERE ?

If Paid, you will need to contact Apigee Support.

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Yann · Feb 17, 2017 at 08:13 AM 0
Link

Thanks for your response. It's a paid one. I will contact Apigee support.

avatar image
0

Answer by Rahul · Feb 23, 2017 at 11:49 AM

Yann - Have you resolved this issue? I could see that APIGEE doesn't support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher. In successful curl to Amazon API gateway, SSL connection is using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256. I have tried to connect using both trial and paid version but getting same error.

Comment
Add comment Show 5 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Yann · Feb 23, 2017 at 02:29 PM 0
Link

@Rahul

No I have not. Apigee does not support SNI. But it seems that support can activate this feature...

avatar image Dino ♦♦ Yann   · Feb 23, 2017 at 04:00 PM 0
Link

Did you decide to not ask Apigee Support to activate this for you? If so, why?

avatar image Simone Fumagalli · Jun 05, 2017 at 09:26 AM 0
Link

Seems like I'm having the same issue. Everything was working when on "trial" plan but now I get "Received fatal alert: handshake_failure"

avatar image Dino ♦♦ Simone Fumagalli   · Jun 05, 2017 at 06:13 PM 0
Link

Can you please ask your question in a new question rather than asking in a comment to a question that is 4 months old? also, have you checked the accepted answer here? It suggests that you contact Apigee Support. Have you done that?

avatar image Simone Fumagalli Dino ♦♦ · Jun 06, 2017 at 06:29 AM 0
Link

I already contacted the support. Mine was not a question. I just wanted to tell all people having this same issue that this problem is still present for "Paid organization"

Your answer

Hint: You can notify a user about this post by typing @username

Up to 5 attachments (including images) can be used with a maximum of 5.0 MB each and 25.0 MB total.

Follow this Question

Answers Answers and Comments

67 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

How to use a Javascript callout to get a PNG image 8 Answers

Regarding SSL Registration for API Gateway 0 Answers

How to retrieve key alias for SSL Info in Service Callout 2 Answers

Generate random token number 2 Answers

Apigee Edge : Can API Proxy talk to MSSQL Server ? Does Apigee Support's it ? Any example ? 2 Answers

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2018 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • General
  • Business of APIs
  • API Design
  • Academy/Certification
  • Analytics
  • Apigee Test - beta
  • Apigee-127
  • BaaS/Usergrid
  • Developer Portal
  • Edge/API Management
  • Events
  • Insights
  • Integration (AWS, PCF, Etc.)
  • IoT - Apigee Link
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Members
  • Badges