Tracing api proxy on https virtual host fails from the trace tool

oyamatakuro
Participant IV

I tried tracing some api proxy deployed on https virtual host and it fails from the trace tool with the following error message.

-------
Error Sending Request
Could not connect to https://10.125.66.45:9102/test. Make sure the URL is correct.
-------

I guess the reason is that the trace tool does not trust the server with self-signed certificate because

- I only configured one-way (not two-way) TLS in the virtualhost settings.

- I found the following error in /opt/apigee/var/log/edge-ui/edge-ui.log
-------

/v1/organizations/myorg/apis/test/revisions/1/proxies/default, Response : 200
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
-------

If my guess is right, is there any way to disable server certificate validation by the trace tool or set self-signed certificate as trustable from the trace tool?

Any help to resolve this will be appreciated

Thanks,

2 4 425
4 REPLIES 4

Not applicable

Whats your host alias in the virtualhost?
Is this cloud or private cloud?

@Maruti Chand ,

Thanks for your comment.

The host alias is set as <host ip address>:<port number>.
This is on Edge for Private Cloud.

Hi @Takuro Oyama

I have seen this problem on my OPDK installation. To resolve it, I needed to add the self-signed cert to the list of certs trusted by the OS, on the server where edge-ui is running. This allows the Trace UI to trust the cert.

What I did is described in this answer.

Regarding self-signed certificates in general, you may be interested in this discussion on stackoverflow, and also in the linked-to material, which discusses "private CAs". That option may be nicer that issuing a self-signed cert, if you are generating more than one certificate.

Hi @Dino

Thanks for your answer and information.

I check them.