Problems creating 2-way SSL


I am having some issues following the documentation for how to create a keystore in Apigee in order to establish a 2-way SSL connection to a backend server.

All I received from the backend server is a PFX file containing the certificate and a password for the certificate.

The documentation talks about creating a JAR file containing the cert and a public key. Can you walk me through this step? How do I create the JAR file and where do I run the commands from?

Also, I keep getting 401 unauthorized when I try to view existing certs even though I am an Admin on the portal. How do I go about this?


From the Apigee perspective we need to have a keypair with your private key and certificate (public key), as well as access to the certificate (or certificate chain) of the certificate authority. You can acquire those from your CA, or if using self-signed certificates you will simply import the certificate directly.

To start, follow the instructions at https://docs.apigee.com/api-services/content/keystores-and-truststores#aboutkeystoresandtruststores-... to generate the JAR file you mentioned in your post. This is just a specially-formatted archive that contains your keypair.

Then, use the management API at https://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_name%7... to upload the CA cert or self-signed certificate to another keystore (known as a truststore).

Finally, you can tie them together by referencing the appropriate keystore and truststore in your target server definition as described at https://docs.apigee.com/api-services/content/configuring-ssl-edge-backend-service#configuringtwowayt....

A 401 error indicates that the credentials you are providing are invalid. Check to make sure that you are sending the correct username and password to the management API.

Can you tell me more about the steps below?

  1. Create a JAR file containing your cert and private key.
  2. Create the keystore and upload the JAR File.

The full procedures linked in the post above will guide you step by step in creating the JAR file and the keystore. Did you encounter an error at a particular step in one of the procedures?

sreenivas_sp
Participant II

@Alisalim,

I was able to do the same using openssl and continue from there.

Please let me know if you want me to share the procedure I followed to generate a self-signed cert for 2-way TLS.

Regards,

Sreenivas S P
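The JAR-creation step discussed in this thread, starting from a PFX file, as an added example that is not from any poster or from Apigee. It assumes `openssl` is on the PATH; the function names, the file names `myCert.pem`, `myKey.pem` and `myKeystore.jar`, and the `descriptor.properties` layout are assumptions based on the Apigee Edge keystore procedure the replies link to.

```python
import os
import subprocess
import zipfile

# Assumption: descriptor layout as described in the Apigee Edge keystore docs.
DESCRIPTOR = "certFile={cert}\nkeyFile={key}\n"


def extract_pem(pfx_path, password, out_dir):
    """Split a PFX into a certificate PEM and an unencrypted key PEM via openssl."""
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    cert = os.path.join(out_dir, "myCert.pem")
    key = os.path.join(out_dir, "myKey.pem")
    env = dict(os.environ, PFX_PASS=password)  # keep the password out of argv
    base = ["openssl", "pkcs12", "-in", pfx_path, "-passin", "env:PFX_PASS"]
    old_umask = os.umask(0o077)  # key file must not be group/world readable
    try:
        subprocess.run(base + ["-nokeys", "-out", cert], env=env, check=True)
        subprocess.run(base + ["-nocerts", "-nodes", "-out", key], env=env, check=True)
    finally:
        os.umask(old_umask)
    return cert, key


def build_keystore_jar(cert_pem, key_pem, jar_path):
    """Package cert, key and META-INF/descriptor.properties into a JAR (a ZIP)."""
    cert_name, key_name = os.path.basename(cert_pem), os.path.basename(key_pem)
    # The archive holds a private key, so create it readable by the owner only.
    fd = os.open(jar_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as raw, zipfile.ZipFile(raw, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        jar.writestr("META-INF/descriptor.properties",
                     DESCRIPTOR.format(cert=cert_name, key=key_name))
        jar.write(cert_pem, cert_name)
        jar.write(key_pem, key_name)
    return jar_path


if __name__ == "__main__":
    import getpass
    import sys
    cert, key = extract_pem(sys.argv[1], getpass.getpass("PFX password: "), "keystore_tmp")
    print(build_keystore_jar(cert, key, "myKeystore.jar"))
    os.remove(key)  # do not leave the unencrypted key on disk
```

Run it from any workstation that has the PFX file, passing the PFX path as the only argument; the resulting JAR contains the private key in the clear, so delete it once it has been uploaded to the keystore.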