This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

HTTPS server problems: 503 messaging.adaptors.http.flow.NoActiveTargets error

Posted on 08-07-2017 09:45 AM
Not applicable
Reply posted on --/--/---- --:-- AM

I'm not being able to invoke HTTPS cloud endpoints, for example https://apps.continente.pt/darock/?wsdl.

I already created my server with SSLInfo like below

 <SSLInfo>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <Enabled>true</Enabled>
        <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>

and also like

 <SSLInfo>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <Enabled>true</Enabled>
        <IgnoreValidationErrors>false</IgnoreValidationErrors>
        <TrustStore>truststore</TrustStore>
    </SSLInfo>

In my truststore I imported the certificate chain in several ways:

  • the complete chain (CERT+CA1+CA2+ROOT)
  • without the initial cert (CA1+CA2+ROOT)
  • only part of the chain (CA1+ROOT and CA2+ROOT)
  • only the ROOT

Nothing seems to work.

I'm getting somewhat desperate.

Can anyone help me?

Best regards,

Ernesto.

0 4 2,765
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM
@Ernesto Costa

You don't need a truststore configured as the cloud endpoints appear to have CA signed certificates. This to me appears to be a targetserver configuration issue. Can you ensure that targetserver config looks like the one below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetServer name="Target_Server">
    <IsEnabled>true</IsEnabled>
    <Host>secure.host.com</Host>
    <Port>443</Port>
    <SSLInfo>
        <Ciphers/>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <Enabled>true</Enabled>
        <IgnoreValidationErrors>false</IgnoreValidationErrors>
        <Protocols/>
    </SSLInfo>
</TargetServer>
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

Thank you for your reply.

Still, after recreating the server as you specified, only changing the host to apps.continente.pt, and redeploying the proxy (just to make sure it was up-to-date), I'm still receiving the error below:

{
    "Envelope": {
        "encodingStyle": "http://schemas.xmlsoap.org/soap/encoding/",
        "Body": {
            "Fault": {
                "faultcode": "soap:Server",
                "faultstring": "The Service is temporarily unavailable",
                "faultactor": {},
                "detail": {
                    "source": {
                        "errorcode": "messaging.adaptors.http.flow.NoActiveTargets"
                    }
                }
            }
        }
    }
}

Any thoughts?

I forgot to mention I'm using cloud version of Edge so logs are limited to trace...

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM
@Ernesto Costa

The issue here is that your backend is SNI enabled but the Apigee message processors have not been configured to support the same. Hence the backend is returning a handshake_failure. The following call confirms that your backend is configured with SNI:

openssl s_client -servername apps.continente.pt -tlsextdebug -connect apps.continente.pt:443 2>/dev/null | grep "server name"

TLS server extension "server name" (id=0), len=0

I will log a ticket and reach out to you to take this forward.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

Thank you.

Please let me know so I can pursue this.

0 Likes