Mutual TLS between API client and API proxy doesn't work consistently


We have recently moved from one-way TLS to two-way TLS. The trust store was set up, a reference was created, and the reference was used to update the virtual host definition via Apigee Edge.

When we tested the connection between the API client and the API proxy, it initially worked consistently.

Later, after 1 day, it works sometimes and fails sometimes.

When it fails, we receive HTTP 400 (Bad Request) with an SSL certificate error.

Does this change (moving from one-way TLS to two-way TLS) require a restart of the Edge routers?

The IP address of the API virtual host seems to be continuously floating. Is it possible that it works on some IPs and not on others?

ACCEPTED SOLUTION

Yes it's possible it is working on some routers and not on others.

You didn't mention whether you are using Edge SaaS or you are managing your own Edge installation (OPDK).

If Edge SaaS, contact Apigee Support and ask them to help diagnose the problem.

If Edge OPDK, then you will need to compare the nginx conf files yourself between the various routers.
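
For the OPDK case, one way to do the router-by-router comparison suggested above, as an added example that is not part of the original answer or Apigee's own tooling. The router names, host name, file paths and conf snippets are constructed assumptions; the nginx directives `ssl_verify_client`, `ssl_client_certificate` and `ssl_verify_depth` are the ones that control client-certificate checking.

```python
import re

# Constructed sample input: trimmed virtual-host server blocks as they might
# be collected from three routers. Names and paths are made up for illustration.
GOOD = """server {
  listen 443 ssl;
  server_name api.example.com;
  ssl_client_certificate /opt/nginx/conf/truststore-v2.pem;
  ssl_verify_client on;
}"""
STALE = GOOD.replace("truststore-v2.pem", "truststore-v1.pem")
ROUTER_CONFS = {"router-1": GOOD, "router-2": GOOD, "router-3": STALE}

# nginx directives that decide whether and how client certificates are verified.
TLS_DIRECTIVES = ("ssl_verify_client", "ssl_client_certificate", "ssl_verify_depth")

def client_auth_settings(conf_text, server_name):
    """Return the client-auth directives of the server block for server_name.

    Handles flat server blocks only (no nested location blocks).
    """
    for block in re.findall(r"server\s*\{([^{}]*)\}", conf_text):
        directives = dict(re.findall(r"^\s*(\w+)\s+([^;]+);", block, re.M))
        if server_name in directives.get("server_name", "").split():
            return {name: directives.get(name) for name in TLS_DIRECTIVES}
    return None  # virtual host is not defined on this router

def find_drift(confs, server_name):
    """Return {router: settings} for routers that differ from the majority."""
    groups = {}
    for router, text in confs.items():
        settings = client_auth_settings(text, server_name)
        key = tuple(sorted(settings.items())) if settings else None
        groups.setdefault(key, []).append(router)
    majority = max(groups, key=lambda k: len(groups[k]))
    return {router: (dict(key) if key else None)
            for key, routers in groups.items() if key != majority
            for router in routers}

if __name__ == "__main__":
    for router, settings in find_drift(ROUTER_CONFS, "api.example.com").items():
        print(f"{router} differs from the majority: {settings}")
```

A router reported here is a candidate for the intermittent failures; a value of `None` means the directive, or the whole virtual host, is absent on that router.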


3 REPLIES

Run a tcpdump to capture more details of what is happening when it is failing.

Hi @Dino-at-Google, thanks for the reply. We are using Edge SaaS; we'll contact Apigee support for help. Nothing is mentioned about restarting the routers when this shift (TLS -> mTLS) is done via the Edge UI.