Hi All,
I am trying to create a Vhost on my organisation and the documentation says clearly that the SSLInfo is optional, and I have tried both with and without and still I am unable to create the VHOST. Can someone suggest what I am doing wrong?
Thanks
Approach 1
```xml
<VirtualHost name="internal">
  <HostAliases>
    <HostAlias>internal.mycompany.com/</HostAlias>
  </HostAliases>
  <Port>443</Port>
  <SSLInfo>
    <Enabled>false</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <TrustStore>ref://hubKeyStoreReff</TrustStore>
    <KeyAlias>Key</KeyAlias>
  </SSLInfo>
</VirtualHost>
```

```xml
<VirtualHost name="internal">
  <HostAliases>
    <HostAlias>internal.mycompany.com/</HostAlias>
  </HostAliases>
  <Port>443</Port>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <TrustStore>ref://KeyStoreRef</TrustStore>
    <KeyAlias>Key</KeyAlias>
  </SSLInfo>
</VirtualHost>
```
{ "code": "messaging.config.beans.VirtualHostSSLInfoNotEnabled", "message": "Virtual host creation/update failed due to disabled SSLInfo. SSLInfo has to be enabled with required inputs for host alias validation", "contexts": [] }
Are you on the public cloud version of Apigee?
Why are you trying to create a virtual host on 443 but have SSLInfo Enabled as false? Can you please update that to true and try?
Yes right, SSLInfo Enabled should be true
Please see my reply below
@madhan, Yes, I am using the Enterprise Cloud Apigee Edge,
@Sai @rauand If you see the VHost, I have tried with both first False and second to True, and I am getting the same response.
@sai Thanks for the suggestion, but I have pretty much tried everything. Could you do me a favour: can you try this and see if it works on yours?
Thanks
If this is for the Cloud, then there are a few issues:
- SSL must be enabled
- Port must be 443
- You must specify a keystore (you are specifying a truststore). Have you tried it with a keystore?
- You must be on a paid org, not a free or trial org. Do you have a paid account with a service contract?
- Your org must be enabled to let you create a vhost. This feature is still in Beta. Did you make a request to Apigee Support for the feature to be enabled on your org?
Stephen
@sgilson Yes, I am on paid org, and yes I have a service contract, and I have not made a request to Apigee Support for the feature to be enabled.
I guess that could be the reason.
Thanks
And please try using a keystore, not a truststore, in your vhost.
@sgilson, I have requested Apigee to enable the vhost creation, and apparently they have. But I am still getting error messages. Basically, what I want to use the vhost for is internal proxies only, and I don't have any certs to use. Do you know how I can get hold of certs that I can put on my Keystore?
I am still getting the same error.
```xml
<VirtualHost name="internal">
  <HostAliases>
    <HostAlias>internal.mycompany.com/</HostAlias>
  </HostAliases>
  <Interfaces/>
  <Port>443</Port>
</VirtualHost>
```
{ "code": "messaging.config.beans.VirtualHostSSLInfoNotEnabled", "message": "Virtual host creation/update failed due to disabled SSLInfo. SSLInfo has to be enabled with required inputs for host alias validation", "contexts": [] }
As the error message shows, you must specify a keystore and must enable TLS on the Vhost. Your Vhost def should look like this:
```xml
<VirtualHost name="internal">
  <HostAliases>
    <HostAlias>internal.mycompany.com</HostAlias>
  </HostAliases>
  <Port>443</Port>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <KeyStore>ref://myTestKeystoreRef</KeyStore>
    <KeyAlias>myKeyAlias</KeyAlias>
  </SSLInfo>
</VirtualHost>
```
See the doc here for more:
https://docs.apigee.com/api-services/content/configuring-virtual-hosts-cloud
Stephen
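The structural requirements listed in the answers above (port 443, SSLInfo enabled, a KeyStore rather than a TrustStore, a key alias) can be checked locally before the definition is sent to the management API. This is an added example, not part of the original thread or Apigee's own tooling; `lint_vhost`, `sample` and the sample constants are hypothetical names, and it does not check whether the certificate in the keystore is CA-signed.

```python
import xml.etree.ElementTree as ET

def lint_vhost(xml_text):
    """Return the problems this thread says block vhost creation on Edge Cloud."""
    root = ET.fromstring(xml_text)
    problems = []
    if (root.findtext("Port") or "").strip() != "443":
        problems.append("Port must be 443")
    ssl_info = root.find("SSLInfo")
    if ssl_info is None:
        return problems + ["SSLInfo is missing; TLS must be enabled"]
    if (ssl_info.findtext("Enabled") or "").strip().lower() != "true":
        problems.append("SSLInfo/Enabled must be true")
    if not (ssl_info.findtext("KeyStore") or "").strip():
        if ssl_info.find("TrustStore") is not None:
            problems.append("TrustStore given but no KeyStore; a KeyStore is required")
        else:
            problems.append("KeyStore is missing")
    if not (ssl_info.findtext("KeyAlias") or "").strip():
        problems.append("KeyAlias is missing")
    return problems

def sample(ssl_info=""):
    """Build a vhost definition shaped like the ones posted in the thread."""
    return ('<VirtualHost name="internal"><HostAliases>'
            '<HostAlias>internal.mycompany.com</HostAlias></HostAliases>'
            '<Port>443</Port>' + ssl_info + '</VirtualHost>')

# Constructed samples mirroring the definitions posted above.
APPROACH_1 = sample('<SSLInfo><Enabled>false</Enabled>'
                    '<TrustStore>ref://hubKeyStoreReff</TrustStore>'
                    '<KeyAlias>Key</KeyAlias></SSLInfo>')
APPROACH_2 = sample('<SSLInfo><Enabled>true</Enabled>'
                    '<TrustStore>ref://KeyStoreRef</TrustStore>'
                    '<KeyAlias>Key</KeyAlias></SSLInfo>')
NO_SSLINFO = sample()
CORRECTED = sample('<SSLInfo><Enabled>true</Enabled>'
                   '<KeyStore>ref://myTestKeystoreRef</KeyStore>'
                   '<KeyAlias>myKeyAlias</KeyAlias></SSLInfo>')

if __name__ == "__main__":
    for name, doc in [("approach 1", APPROACH_1), ("approach 2", APPROACH_2),
                      ("no SSLInfo", NO_SSLINFO), ("corrected", CORRECTED)]:
        print(name, "->", lint_vhost(doc) or "ok")
```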
I have also created a custom KeyStore with a cert in the management UI, but it is still not trusted.

```json
{
  "hostAliases": [ "internal.mycompany.com" ],
  "interfaces": [],
  "listenOptions": [],
  "name": "internal",
  "port": "443",
  "retryOptions": [],
  "sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": "false",
    "enabled": "true",
    "ignoreValidationErrors": false,
    "keyAlias": "TestAlias",
    "keyStore": "ref://testKeyStoreRef",
    "protocols": []
  }
}
```
{ "code": "messaging.config.beans.VirtualHostCACertValidationError", "message": "Virtual host creation/update failed due to keystore cert validation error. Cert is invalid or cannot be not be trusted by java trust anchors or CAs", "contexts": [] }
Are you trying to use a self-signed cert? You must use a signed cert to create the vhost as described in https://docs.apigee.com/api-services/content/configuring-virtual-hosts-cloud
Stephen
I have tried self signed, as well as the default keystore that comes when spinning a new edge instance,
```json
{
  "hostAliases": [ "internal.mycompany.com" ],
  "interfaces": [],
  "listenOptions": [],
  "name": "internal",
  "port": "443",
  "retryOptions": [],
  "sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": "false",
    "enabled": "true",
    "ignoreValidationErrors": false,
    "keyAlias": "freetrial",
    "keyStore": "ref://freetrialref",
    "protocols": []
  }
}
```