Getting "unexpected validation error null" while deploying proxy

As per Apigee documentation, I have created truststore for making backend calls over HTTPs and configured it in my service call out policy as mentioned below. I could see the trust store under Admin --> TLS Certificates from Edge UI. But getting an error "unexpected validation error null" while deploying the proxy. Looks like RMP node doesn't recognize the trust store. I have performed the creation of trust store on Management Server node assuming it will reflect to all the components. Do I need to perform the same on all RMP nodes? Pls help?

Note: I am using Apigee on-prem instance.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout name="SC-Call-To-Source" enabled="true" continueOnError="false" async="false">
    <DisplayName>SC-Call-To-Source</DisplayName>
    <Properties/>
    <Request variable="request" clearPayload="true">
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
        <Set>
            <Path>test/test</Path>
        </Set>
    </Request>
    <Response>response</Response>
    <HTTPTargetConnection>
        <Properties/>
	<URL>https://example.com</URL>
        <SSLInfo>
        <Enabled>true</Enabled>
        <ClientAuthEnabled>true</ClientAuthEnabled>
        <TrustStore>ref://truststoreref</TrustStore>
    </SSLInfo>
    </HTTPTargetConnection>
</ServiceCallout> 
0 4 669
4 REPLIES 4

Hi @Mahammad Feroz

Assuming you have followed the steps correctly. If not, please verify your steps as mentioned here.

Also in your HTTPTargetConnection - just provide the trust store name. In your case

<TrustStore>truststoreref</TrustStore>

Hope this helps

@Sai Saran Vaidyanathan, as I am using trsutstore reference, configured it like that. I have followed the same steps as described in the Apigee provided document. Here are the steps:

  • Created the PEM file and added all the backend provided certificates
  • Created truststore and uploaded the PEM file
  • Created the truststore reference
  • Created an API proxy and configured Service Callout policy to use the truststore reference

As mentioned in my earlier post, I have created truststore on Management Server node only. Do I need to create the same on each RMP node as they are installed on different nodes?

@Mahammad Feroz no assuming you only want to enable TLS on for the Virtual Hosts:
http://docs.apigee.com/api-services/content/creating-virtual-host

Not applicable

Hi @Mahammad Feroz, The above should work just fine but I have noticed sometimes that you may have to restart your rmps for the truststore changes to considered.

BTW do you see any .bad files in your /opt/nginx/conf.d?