Trust store is invalid

mikefrost · 08-29-2018 09:29 AM

I cant seem to come right with getting my Certs to pass validation on the Portal.

This is a signed Cert, however its been signed by our Internal Corp CA.

I have imported my cert as a Keychain with full chain - I am able to see the full chain when I inspect the cert in the Apigee portal (little dropdown).

However, when I test the keystore with valid names in either the CN or the SAN names - it fails with:

"Invalid Truststore. Unable to find valid certification path to requested target"

I also get an error when I try to add this same host name to my Virtual Host.

I have been trying to find an answer in docs and can find nothing.

Any advice?

ozanseymen

Is your virtual host pointing directly to the truststore or a reference [to a truststore]?

mikefrost

I have tried both - doesnt make a difference.

ozanseymen

If this is cloud, AFAIK you cannot change the virtualhost in the first instance to point to a reference. You might need to create a support ticket to ask support to point vhost to a reference first. Then you can modify which trust store this reference is pointing to without the need for a support ticket.

adevegowda

@Michael Frost,

If you are on Private Cloud, then check if the certificates are loaded on the Router properly.

Go to /opt/nginx/conf.d folder and check if the .cert and .pem files have the proper certificates
You could use the below command to check the contents of the file
```
openssl x509 -in <Certificate file> -text -noout
```
If you notice that the latest/proper certificates are not reflecting here. Then, restart the router and recheck if that resolves the issue.
```
apigee-service edge-router restart
```

If you are on Public cloud or need further help, please contact Apigee Support.