This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Open Banking certificate - Getting error while loading open banking certificate in virtual host

Posted on 06-28-2018 08:58 AM
nsaini
New Member
Reply posted on --/--/---- --:-- AM

Hi

We are doing open banking registration and have got certs from Open banking. While creating virtual host, I am getting below error

{ "code": "messaging.config.beans.VirtualHostCACertValidationError", "message": "Virtual host creation/update failed due to keystore cert validation error. Cert is invalid or cannot be not be trusted by java trust anchors or CAs", "contexts": [] }

Has anyone faced this issue and whats the solution.

0 4 242
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
nsaini
New Member
Reply posted on --/--/---- --:-- AM

@Sean Davis @Ozan Seymen @Anil Sagar

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Can you provide some additional details behind "while creating virtual host" ? Exactly how are you creating the virtual host? at what point do you see the failure you included? Specifically what API are you invoking? And what certs have you got from "open banking"? I apologize, I am not clear on who "open banking" is, and what certs they issue, and how they are expected to be used. Maybe you could clarify for me.

Just a note: The vhost manages inbound communication. Any keystore used there should be loaded with a key + cert for YOUR HOST. eg: "api.mycompany.com" Is that what you're doing?

0 Likes

Posted on --/--/---- --:-- AM
nsaini
New Member
Reply posted on --/--/---- --:-- AM

Hi @Dino-at-Google

Thanks for your reply. I am using https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_nam...

to create vistual host. Keystore is already created.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to nsaini
Reply posted on --/--/---- --:-- AM

Hi. Thanks for the additional information. The API doc you cited is for keystores/truststores. That's not enough information. That doesn't help me understand what you are doing. I need to know how you are using the APIs. I need you to be specific and detailed and complete.

Exactly how are you creating the vhost? Are you doing it using the API directly? If so, can you explain exactly which APIs you are invoking? Probably there are a series of APIs. First create the truststore, then add the cert, then create the vhost... Have you done all of that? Please explain exactly HOW. I want to see request and response payloads.

Also I want to understand the contents of the truststore , what file you have uploaded, and I'd like to see the openssl diagnostics on the PEM file you uploaded into the truststore. And also the response you get from Apigee Admin API when creating the truststore.

0 Likes