2 Way TLS Setup between API Proxy and Backend Target failing to send Client Certificate

I've set up an API Proxy to my backend target, loaded a client certificate in a keystore, created a KeyStoreRef and deployed the setup as per the guide:

http://docs.apigee.com/api-services/content/configuring-ssl-edge-backend-service#configuringtwowaytl...

When running a test I get error 503, and looking at the logs in my target backend device, I can see the connection but it is not supplying the client certificate. Anyone have any ideas if I missed anything please?

1 ACCEPTED SOLUTION

Hi,

Place the full CA chain into the keystore that is going to be used in the client side response. So the keystore contains:

- client cert
- intermediate cert(s)
- root CA certificate

That should resolve the issue.
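A pre-upload check for the chain layout described in the answer above, as an added example that is not part of the original post or Apigee's own tooling: it confirms that a PEM bundle runs client cert, intermediate(s), root with no gap. The function names, the sample certificate names and the `client-chain.pem` file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: name-chaining check for a PEM bundle before it goes into a keystore.
# It compares issuer/subject names only; it does not verify signatures.

# pem_names FILE: print subject=/issuer= lines for every certificate in FILE.
pem_names() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# chain_is_complete: read subject=/issuer= lines on stdin, in bundle order.
# Returns 0 only if each cert is followed by its issuer and the last is self-signed.
chain_is_complete() {
    awk '
        /^subject=/ { sub(/^subject= */, ""); subj[++n] = $0 }
        /^issuer=/  { sub(/^issuer= */, "");  iss[++m] = $0 }
        END {
            if (n == 0 || n != m) { print "no certificates parsed"; exit 2 }
            for (i = 1; i < n; i++)
                if (iss[i] != subj[i + 1]) {
                    printf "cert %d: next cert is not its issuer \"%s\"\n", i, iss[i]
                    exit 1
                }
            if (iss[n] != subj[n]) {
                printf "chain stops at \"%s\"; missing issuer \"%s\"\n", subj[n], iss[n]
                exit 1
            }
            printf "complete chain: %d certificate(s), root \"%s\"\n", n, subj[n]
        }'
}

# Constructed sample names (not from the thread): leaf-only bundle vs. full chain.
LEAF_ONLY='subject=CN = api-client.example.com
issuer=CN = Example Issuing CA'
FULL_CHAIN='subject=CN = api-client.example.com
issuer=CN = Example Issuing CA
subject=CN = Example Issuing CA
issuer=CN = Example Root CA
subject=CN = Example Root CA
issuer=CN = Example Root CA'

printf '%s\n' "$LEAF_ONLY"  | chain_is_complete || true
printf '%s\n' "$FULL_CHAIN" | chain_is_complete
# Real bundle: pem_names client-chain.pem | chain_is_complete   (file name is a placeholder)
```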

7 REPLIES

Is the backend using a self-signed cert? If so, you need to also create a truststore.

Both the server cert at the back end and the client cert I'm trying to send are EnTrust certs, so should not need a trust store.

Hi,

I am currently working on a similar issue. I will post back here my findings.

regards,

Thanks Russell, I believe from looking at my audit logs it's my issue you're looking at. 🙂

@Russell Blewitt , Answers are strictly for answers. Please use comments for feedback / queries etc. Converting it to comment. Thank you.

It worked a treat Russell. Thanks for all the help.