503, The Service is temporarily unavailable, Received fatal alert: handshake_failure


I tried to hit the targetURL https://swapi.co/api/ from my free org. As mentioned in this post

https://community.apigee.com/questions/27606/503-service-unavailable-received-when-calling-a-se.html

I have added this:

<HTTPTargetConnection>
  <URL>https://yourbackendserver.com</URL>
  <SSLInfo>
    <Enabled>true</Enabled>
    <Protocols>
      <Protocol>TLSv1.2</Protocol>
    </Protocols>
  </SSLInfo>
</HTTPTargetConnection>

but still facing the same 503 issue.

Being a free cloud member/user, should we enable anything related to SNI? If so, then how do we do that?

Can anybody help me resolve this?

Thank you in advance.

Rayees


@Rayees Wani, This is due to a certificate issue. Have you imported the server certificate into the Apigee Keystore/Truststore?

Refer to the link: http://docs.apigee.com/api-services/content/keystores-and-truststores

Hi @Mahammad Feroz,

Thank you for the reply. We have not configured any TLS settings here since the URL being used as a backend service works as is from the browser, so we are assuming this is one-way SSL. We wanted to check if this issue is caused by SNI, which is not supported on the free orgs.

Thanks,

Santosh

@santosh_ghalsasi, Is the certificate signed by a CA or self-signed? Try importing the certificate chain into the Apigee trust store and check.

Hi @Mahammad Feroz,

Thank you for the reply. As per my understanding, when Apigee establishes a 1-way TLS connection at southbound with the backend service, there is no need to explicitly download and import the server certificate since Apigee is capable of doing it on its own. It is needed when we want to do mutual auth (2-way TLS). Please correct me if this is not the case.

Regards,

Santosh

Hi @Mahammad Feroz,

Thanks for your help 🙂

Actually, I checked the TLS certificates for my account and came to know that the certificates are expired.

I tried hitting the same targetURL from my other account that I recently created and was able to get the proper response (200 OK successful), and I checked that the TLS certificates are valid.

So, I tried importing valid certificates from my new account to the old one, but it didn't work.

I want to know: can we use TLS certificates from one organisation in another?

Need clarity here.

Regards,

Rayees Wani
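
The thread goes back and forth on whether the handshake_failure comes from missing SNI or from certificate trust. The following is an added example, not code from any poster or from Apigee: a check run from a workstation that handshakes with the backend twice, with and without SNI, and separates a server-sent alert from a client-side trust failure. The names `probe` and `diagnose` and the result labels are hypothetical.

```python
import socket
import ssl


def probe(host, port=443, send_sni=True, timeout=5.0):
    """Attempt one TLS 1.2+ handshake and return (outcome, detail)."""
    ctx = ssl.create_default_context()             # validates against system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # same floor as <Protocol>TLSv1.2
    if not send_sni:
        # Passing server_hostname=None omits the SNI extension; hostname
        # matching has to be off for that, chain validation stays on.
        ctx.check_hostname = False
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            name = host if send_sni else None
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:    # raised locally: trust problem
        return ("cert_verify_failed", exc.verify_message)
    except ssl.SSLError as exc:
        # OpenSSL versions word the alert differently; match the common part.
        text = f"{exc.reason or ''} {exc}".upper()
        if "HANDSHAKE_FAILURE" in text:            # alert sent by the server
            return ("handshake_failure_alert", str(exc))
        return ("tls_error", str(exc))
    except OSError as exc:
        return ("network_error", str(exc))


def diagnose(with_sni, without_sni):
    """Map the two probe results to a likely cause (labels are hypothetical)."""
    a, b = with_sni[0], without_sni[0]
    if a == "ok" and b == "handshake_failure_alert":
        return "sni_required"            # client must send the target hostname
    if a == "cert_verify_failed":
        return "untrusted_server_chain"  # fix the truststore / CA bundle
    if a == "handshake_failure_alert":
        return "protocol_or_cipher_mismatch"  # server refuses even with SNI
    if a == "ok":
        return "sni_not_the_cause"       # handshake works either way
    return "inconclusive"


if __name__ == "__main__":
    import sys
    target = sys.argv[1]                 # backend hostname, e.g. from <URL>
    r_sni, r_plain = probe(target), probe(target, send_sni=False)
    print(r_sni, r_plain, diagnose(r_sni, r_plain))
```

A result of `sni_required` means the calling client has to send the backend hostname in its ClientHello; `untrusted_server_chain` points at the trust store instead.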