Unable to create Vhost

Not applicable

Hi All,

I am trying to create a Vhost on my organisation and the documentation says clearly that the SSLInfo is optional, and I have tried both with and without and still I am unable to create the VHOST. Can someone suggest what I am doing wrong?

Thanks

Approach 1

<VirtualHost name="internal">
   <HostAliases>
      <HostAlias>internal.mycompany.com/</HostAlias>
   </HostAliases>
   <Port>443</Port>
   <SSLInfo>
      <Enabled>false</Enabled>
      <ClientAuthEnabled>false</ClientAuthEnabled>
      <TrustStore>ref://hubKeyStoreReff</TrustStore>
      <KeyAlias>Key</KeyAlias>
   </SSLInfo>
</VirtualHost>

Approach 2

<VirtualHost name="internal">
   <HostAliases>
      <HostAlias>internal.mycompany.com/</HostAlias>
   </HostAliases>
   <Port>443</Port>
   <SSLInfo>
      <Enabled>true</Enabled>
      <ClientAuthEnabled>false</ClientAuthEnabled>
      <TrustStore>ref://KeyStoreRef</TrustStore>
      <KeyAlias>Key</KeyAlias>
   </SSLInfo>
</VirtualHost>

{
    "code": "messaging.config.beans.VirtualHostSSLInfoNotEnabled",
    "message": "Virtual host creation/update failed due to disabled SSLInfo. SSLInfo has to be enabled with required inputs for host alias validation",
    "contexts": []
}

Are you on the public cloud version of Apigee?

Why are you trying to create a virtual host on 443 but have SSLInfo Enabled as false? Can you please update that to true and try?

Yes right, SSLInfo Enabled should be true

Please see my reply below

Not applicable

@madhan, Yes, I am using the Enterprise Cloud Apigee Edge,

@Sai @rauand If you see the VHost, I have tried with both first False and second to True, and I am getting the same response.

Hi @Jared - You can find more info on the Virtual host setup here. The API information is documented here. Probably you are missing some info on the SSLInfo - like the Keystore, etc.

Not applicable

@sai Thanks for the suggestion, but I have pretty much tried everything. Could you do me a favour: can you try this and see if it works on yours?

Thanks

sgilson

If this is for the Cloud, then there are a few issues:

- SSL must be enabled

- Port must be 443

- You must specify a keystore (you are specifying a truststore). Have you tried it with a keystore?

- You must be on a paid org, not a free or trial org. Do you have a paid account with a service contract?

- Your org must be enabled to let you create a vhost. This feature is still in Beta. Did you make a request to Apigee Support for the feature to be enabled on your org?

Stephen

Not applicable

@sgilson Yes, I am on paid org, and yes I have a service contract, and I have not made a request to Apigee Support for the feature to be enabled.

I guess that could be the reason.

Thanks

And please try using a keystore, not a truststore, in your vhost.

Not applicable

@sgilson, I have requested Apigee to enable the vhost creation, and apparently they have. But I am still getting error messages. Basically, what I want to use the vhost for is internal proxies only, and I don't have any certs to use. Do you know how I can get hold of certs that I can put on my Keystore?

I am still getting the same error.

<VirtualHost name="internal">
   <HostAliases>
      <HostAlias>internal.mycompany.com/</HostAlias>
   </HostAliases>
   <Interfaces/>
   <Port>443</Port>
</VirtualHost>

{
    "code": "messaging.config.beans.VirtualHostSSLInfoNotEnabled",
    "message": "Virtual host creation/update failed due to disabled SSLInfo. SSLInfo has to be enabled with required inputs for host alias validation",
    "contexts": []
}

As the error message shows, you must specify a keystore and must enable TLS on the Vhost. Your Vhost def should look like this:

<VirtualHost name="internal"> 
    <HostAliases> 
        <HostAlias>internal.mycompany.com</HostAlias> 
    </HostAliases> 
    <Port>443</Port> 
    <SSLInfo> 
        <Enabled>true</Enabled> 
        <ClientAuthEnabled>false</ClientAuthEnabled> 
        <KeyStore>ref://myTestKeystoreRef</KeyStore> 
        <KeyAlias>myKeyAlias</KeyAlias> 
    </SSLInfo>
</VirtualHost> 

See the doc here for more:

https://docs.apigee.com/api-services/content/configuring-virtual-hosts-cloud

Stephen
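A pre-flight check for the requirements listed in the replies above (port 443, SSLInfo enabled, a KeyStore rather than a TrustStore, a KeyAlias as in the working definition), as an added example that is not part of the original thread or Apigee's tooling. The function name `check_vhost` and the sample constants are hypothetical; the XML samples are copied from the definitions posted in this thread.

```python
import xml.etree.ElementTree as ET

def check_vhost(xml_text):
    """Return a list of problems; an empty list means these checks pass."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "VirtualHost":
        return [f"root element is <{root.tag}>, expected <VirtualHost>"]
    problems = []
    port = (root.findtext("Port") or "").strip()
    if port != "443":
        problems.append(f"Port is {port or 'missing'}, must be 443")
    ssl = root.find("SSLInfo")
    if ssl is None:
        # Same condition the API reports as VirtualHostSSLInfoNotEnabled.
        problems.append("SSLInfo block is missing")
        return problems
    if (ssl.findtext("Enabled") or "").strip().lower() != "true":
        problems.append("SSLInfo/Enabled must be true")
    if not (ssl.findtext("KeyStore") or "").strip():
        if ssl.find("TrustStore") is not None:
            problems.append("SSLInfo has a TrustStore but no KeyStore")
        else:
            problems.append("SSLInfo/KeyStore is missing")
    if not (ssl.findtext("KeyAlias") or "").strip():
        problems.append("SSLInfo/KeyAlias is missing")
    return problems

# Definitions as posted in the thread.
TRUSTSTORE_ONLY = """
<VirtualHost name="internal">
   <HostAliases><HostAlias>internal.mycompany.com/</HostAlias></HostAliases>
   <Port>443</Port>
   <SSLInfo>
      <Enabled>true</Enabled>
      <ClientAuthEnabled>false</ClientAuthEnabled>
      <TrustStore>ref://KeyStoreRef</TrustStore>
      <KeyAlias>Key</KeyAlias>
   </SSLInfo>
</VirtualHost>"""
NO_SSLINFO = """
<VirtualHost name="internal">
   <HostAliases><HostAlias>internal.mycompany.com/</HostAlias></HostAliases>
   <Interfaces/>
   <Port>443</Port>
</VirtualHost>"""
SUGGESTED = TRUSTSTORE_ONLY.replace("TrustStore", "KeyStore")

if __name__ == "__main__":
    for name in ("TRUSTSTORE_ONLY", "NO_SSLINFO", "SUGGESTED"):
        print(name, check_vhost(globals()[name]) or "ok")
```

Passing these checks does not guarantee the vhost is created: whether the org is enabled for the feature and whether the certificate in the keystore is trusted are decided on the Apigee side.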

Not applicable

I have also created a custom KeyStore, with a cert, in the management UI, and it is still not trusted,

{
    "hostAliases": [
        "internal.mycompany.com"
    ],
    "interfaces": [],
    "listenOptions": [],
    "name": "internal",
    "port": "443",
    "retryOptions": [],
    "sSLInfo": {
        "ciphers": [],
        "clientAuthEnabled": "false",
        "enabled": "true",
        "ignoreValidationErrors": false,
        "keyAlias": "TestAlias",
        "keyStore": "ref://testKeyStoreRef",
        "protocols": []
    }
}

{
    "code": "messaging.config.beans.VirtualHostCACertValidationError",
    "message": "Virtual host creation/update failed due to keystore cert validation error. Cert is invalid or cannot be not be trusted by java trust anchors or CAs",
    "contexts": []
}

Are you trying to use a self-signed cert? You must use a signed cert to create the vhost as described in https://docs.apigee.com/api-services/content/configuring-virtual-hosts-cloud

Stephen

Not applicable

I have tried self-signed, as well as the default keystore that comes when spinning up a new Edge instance,

{
    "hostAliases": [
        "internal.mycompany.com"
    ],
    "interfaces": [],
    "listenOptions": [],
    "name": "internal",
    "port": "443",
    "retryOptions": [],
    "sSLInfo": {
        "ciphers": [],
        "clientAuthEnabled": "false",
        "enabled": "true",
        "ignoreValidationErrors": false,
        "keyAlias": "freetrial",
        "keyStore": "ref://freetrialref",
        "protocols": []
    }
}