Solved: How to customize client auth error?

cladius_fernand · 06-13-2019 04:15 AM

I've configured a virtual host to perform client authentication based on a cert/key. It is working fine. However, the error message that is thrown by Apigee is as follows for the negative scenario:

<html>
    <head>
        <title>400 No required SSL certificate was sent</title>
    </head>
    <body>
        <center>
            <h1>400 Bad Request</h1>
        </center>
        <center>No required SSL certificate was sent</center>
        <hr>
        <center>nginx</center>
    </body>
</html>

How can I customize this? I'm using OnPrem Version 4.19.01.00

cladius_fernand

For the benefit of the overall community posting the response provided by Apigee support.

To customize error message returned by Apigee Routers you have to modify its config and create new error page file. Here are the steps:

1) Add following payload to /opt/apigee/customer/applications/router.properties file

conf_load_balancing_load.balancing.driver.nginx.server.ssl2way.template.extra1=\\n error_page 400 /400.html;\\\ \n\\n location /400.html {\\\ \n\\n root ${conf_load_balancing_load.balancing.driver.nginx.global.docroot};\\\
\n\\n internal;\\\
\n\\n ${conf_load_balancing_load.balancing.driver.nginx.server.template.extra3}\\\
\n\\n }

2) Create file called 400.html in /opt/nginx/html/ folder with payload you want to display when 400 error is returned
3) Restart Apigee Edge Router.

At this point every time when someone sends request to mutual ssl endpoint without providing client certificates your custom message will be returned.

View solution in original post

cladius_fernand

For the benefit of the overall community posting the response provided by Apigee support.

To customize error message returned by Apigee Routers you have to modify its config and create new error page file. Here are the steps:

1) Add following payload to /opt/apigee/customer/applications/router.properties file

conf_load_balancing_load.balancing.driver.nginx.server.ssl2way.template.extra1=\\n error_page 400 /400.html;\\\ \n\\n location /400.html {\\\ \n\\n root ${conf_load_balancing_load.balancing.driver.nginx.global.docroot};\\\
\n\\n internal;\\\
\n\\n ${conf_load_balancing_load.balancing.driver.nginx.server.template.extra3}\\\
\n\\n }

2) Create file called 400.html in /opt/nginx/html/ folder with payload you want to display when 400 error is returned
3) Restart Apigee Edge Router.

At this point every time when someone sends request to mutual ssl endpoint without providing client certificates your custom message will be returned.

Former Community Member

hey @Cladius Fernando!

it is possible to modify this message not on OnPremises, but on Cloud Edge version?

Thanks,

mj

cladius_fernand

Hi,

I'm reading your comment as "Is it possible". I believe it is not possible on the cloud version. Primarily because this is a property file based change and it will affect all of the orgs that will be using the same Apigee nodes. However, if you are using a paid cloud account, I would still suggest that you raise a support ticket to get an answer from Apigee tech support.

Former Community Member

Thanks for reply, Cladius. Will do that.