This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Microgateway configuration cettificate error

Posted on 05-13-2019 11:20 AM
michaelmcdowell
New Member
Reply posted on --/--/---- --:-- AM

Having just installed the latest version of the Microgateway (2.3.5) I am recieving the following error trying to configure it for the 1st time:

listdeployments: {********},"asynclimit":4}
Going to invoke "https://api.enterprise.apigee.com/v1/o/**********/apis/edgemicro-auth/deployments"
{ Error: unable to get local issuer certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:643:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }<br />
0 1 428
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
cjking
Staff
Reply posted on --/--/---- --:-- AM

This looks like SSL validation failed. That probably means either:

1) You don't have the standard root certificates installed on your OS

2) You have an SSL-intercepting proxy/firewall between your microgateway and the internet, and the certificate for that is not installed in your root certificate store.

Could you run this command on your server?

echo | openssl s_client -connect api.enterprise.apigee.com:443 -servername api.enterprise.apigee.com > /dev/null

If the depth=2 and depth=1 lines of your output looks like this:

depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = api.enterprise.apigee.com
verify return:1
DONE

Then 1) is your problem. Otherwise it's 2) and you need to talk to your network/security team.

0 Likes