How do I set truststore in apigee microedge enviro...

deepak_gunaseka · 06-05-2017 02:43 PM

Need to configure a https target url for a microedge setup. The target https certificate is signed by an internal CA.

To achieve the above, I need to add an internal CA root and internal intermediate CA as trusted cert authority in micro edge setup. - Can someone shed some lights on how do I configure the cacerts truststore in microedge setup

Former Community Member

You should be able to add the "ca" property in the config yaml file. Here is an excerpt from help (http://docs.apigee.com/microgateway/latest/operation-and-configuration-reference-edge-microgateway#configuringsslontheedgemicrogatewayserver):

     ssl:
       key: /Users/jdoe/nodecellar/twowayssl/ssl/server.key
       cert: /Users/jdoe/nodecellar/twowayssl/ssl/server.crt
       ca: /Users/jdow/nodecellar/twowayssl/ssl/ca-cert.pem

deepak_gunaseka

Tried the same but still getting the below error

"message":"unable to get local issuer certificate","code":"UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Former Community Member

Can you please show me your config.yaml file (relevant stanzas)?

Report Inappropriate Content

Hi Srinandan Sridhar,

Please find the configuration we added.

edgemicro:
port: 8000
max_connections: 1000
max_connections_hard: 5000
max_times: 300
config_change_poll_interval: 600
targets:
ssl:
client:
ca: /usr/local/ecomm/ca.crt
rejectUnauthorized: false
logging:
level: error
dir: /var/tmp
stats_log_interval: 60
rotate_interval: 24
plugins:
sequence:
headers:
x-forwarded-for: true
x-forwarded-host: true
x-request-id: true
x-response-time: true
via: true
oauth:
allowNoAuthorization: false
allowInvalidAuthorization: false

How do I set truststore in apigee microedge environment [internal root and intermediate CA needs to be added in].