This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Error 503 when connecting HTTPS Target Server

Posted on 05-17-2017 06:45 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

I've created a new Target Server 

{
  "host": "<HOST>",
  "isEnabled": true,
  "name": "<NAME>",
  "port": 443,
  "sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": "false",
    "enabled": "true",
    "ignoreValidationErrors": true,
    "protocols": []
  }
}
When i want to connect, i'got a 503 error 
{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.NoActiveTargets"}}}

In the documentation, I saw that I had to add ssIInfo.enabled=true to activate the https connection between Apigee and my API but it doesn't work.

Do you have any idea?

Julien

0 8 793
Topic Labels
0 Likes
8 REPLIES 8

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

One possible scenario is that you need to specify to use a proxy server to access the target. You can do that as part of the HTTPTargetConnection configuration. Here is a snippet:

<HTTPTargetConnection>
<Properties>
<Property name="use.proxy">true</Property>
</Properties>

</HTTPTargetConnection>

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Is this on Cloud or Private cloud?
Do you know if you have connectivity to that backend from edge and if that service is up?

pls add more details.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

My API is on Public Cloud, I can access it directly in HTTP and HTTPS. With Apigee, I can only access it in HTTP and I get this error in HTTPS

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Have you verified that the certificate for your host is valid?

You can run something like:

echo | openssl s_client -showcerts -servername apigee.com -connect apigee.com:443 2>/dev/null | openssl x509 -inform pem -noout -text

Pay attention to the ciphers, dates, etc. If these look good, PM me with the host name and I will verify from another org. It is possible that your org does not support SNI which is required for some configurations.

0 Likes

Posted on --/--/---- --:-- AM
gregkuelgen
Staff
In response to
Reply posted on --/--/---- --:-- AM

David's advice is solid.

Note that I was able to recreate this issue using https://httpbin.org. Httpbin's certificate it is missing the Organization (O) and Organization Unit (OU). It causes the same error you report.

The error you are seeing is likely due to something with the certs causing an SSL handshake issue.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

Hello,

I think my cert is correct. You can test it at https://flowchart.preprod.lefebvre-sarrut.eu.

Thanks

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

Are you using Loadbalancer (http://docs.apigee.com/api-services/content/load-balancing-across-backend-servers) and health Monitor in the HTTP target endpoint definition to route your calls?

We recently found a bug with that and want to make sure you are not running into the same. @Julien NOEL

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

As anyone been able to solve this issue?

I'm experiencing exactly the same behaviour.

0 Likes